
Chrome starts automatically with a Russian page
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by AurumPC (administrator) on AURUM (18-04-2017 15:10:36)
Running from C:\Users\AurumPC\Desktop
Loaded Profiles: AurumPC & (Available Profiles: AurumPC)
Platform: Windows 8.1 Pro with Media Center (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
() C:\Windows\System32\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Innkeeper) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Innkeeper.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Gaijin Entertainment) C:\Users\AurumPC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer, Inc.) C:\Users\AurumPC\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5494\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8657\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8657\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8657\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2015-05-02] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2014-09-22] (ESET)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUS GX1000] => C:\Program Files (x86)\ASUS\ASUS ROG Gaming Mouse GX1000\Hid.exe [1854976 2012-10-25] (ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-05-24] (Razer Inc.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044816 2017-03-16] (Electronic Arts)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2015-11-11] (Echobit LLC)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Spotify] => C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe [7072880 2017-04-03] (Spotify Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [MyComGames] => C:\Users\AurumPC\AppData\Local\MyComGames\MyComGames.exe [4825968 2016-03-03] (MY.COM B.V.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Spotify Web Helper] => C:\Users\AurumPC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-03] (Spotify Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [World of Tanks] => "D:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Innkeeper] => C:\Users\AurumPC\AppData\Local\Innkeeper\Update.exe --processStart Innkeeper.exe --process-start-args="-startup"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Gaijin.Net Agent] => C:\Users\AurumPC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2012616 2017-04-08] (Gaijin Entertainment)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {01687777-3643-11e6-82ae-10bf4888f552} - "H:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {39adda07-450e-11e5-8275-10bf4888f552} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {5327a58a-aa30-11e5-828d-10bf4888f552} - "I:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {b9b45338-bb91-11e5-828f-10bf4888f552} - "J:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {d0e75dcf-86eb-11e5-8280-10bf4888f552} - "H:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {ec6642f8-f25e-11e4-8261-10bf4888f552} - "G:\SETUP.EXE"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044816 2017-03-16] (Electronic Arts)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2015-11-11] (Echobit LLC)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe [7072880 2017-04-03] (Spotify Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyComGames] => C:\Users\AurumPC\AppData\Local\MyComGames\MyComGames.exe [4825968 2016-03-03] (MY.COM B.V.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\AurumPC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-03] (Spotify Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [World of Tanks] => "D:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Innkeeper] => C:\Users\AurumPC\AppData\Local\Innkeeper\Update.exe --processStart Innkeeper.exe --process-start-args="-startup"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Gaijin.Net Agent] => C:\Users\AurumPC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2012616 2017-04-08] (Gaijin Entertainment)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {01687777-3643-11e6-82ae-10bf4888f552} - "H:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {39adda07-450e-11e5-8275-10bf4888f552} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5327a58a-aa30-11e5-828d-10bf4888f552} - "I:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b9b45338-bb91-11e5-828f-10bf4888f552} - "J:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d0e75dcf-86eb-11e5-8280-10bf4888f552} - "H:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ec6642f8-f25e-11e4-8261-10bf4888f552} - "G:\SETUP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk [2016-02-06]
ShortcutTarget: GamePark klient 2.lnk -> C:\Program Files\GamePark2\gpcl.exe (Allstar Group, s.r.o.)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 146.185.131.14 mf.svc.nhl.com
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{0BDB15C5-C018-4A2F-874E-4FF49074B1CA}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{46C44E1A-A238-4263-88B2-FA1A3C363169}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{5F5A749D-7C2C-4DA3-B435-25F5391E38CF}: [DhcpNameServer] 62.129.50.20 85.135.32.100
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FireFox:
========
FF DefaultProfile: 4a2qt0lf.default
FF ProfilePath: C:\Users\AurumPC\AppData\Roaming\Mozilla\Firefox\Profiles\4a2qt0lf.default [2017-04-17]
FF Extension: (Cookies Export/import) - C:\Users\AurumPC\AppData\Roaming\Mozilla\Firefox\Profiles\4a2qt0lf.default\Extensions\CookiesIE@yahoo.com.xpi [2016-03-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2473894330-3763936804-1510646441-1001: @my.com/Games -> C:\Users\AurumPC\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @my.com/Games -> C:\Users\AurumPC\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default [2017-04-18]
CHR Extension: (Prezentace Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (BetterTTV) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-03-23]
CHR Extension: (Dokumenty Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Disk Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tabulky Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-17] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-11-28] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1350112 2014-09-16] (ESET)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-08-01] (Echobit LLC)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-16] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-16] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-10-23] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-10-20] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69784 2016-05-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-07] (Disc Soft Ltd)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2015-05-02] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
R3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2015-08-01] (Echobit, LLC)
S3 GX1000MS; C:\Windows\system32\drivers\GX1000MS.sys [25600 2012-06-27] ( )
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2017-04-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-03-17] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47672 2017-03-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-03-17] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-03-17] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-07] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-18 15:10 - 2017-04-18 15:10 - 02424832 _____ (Farbar) C:\Users\AurumPC\Desktop\FRST64.exe
2017-04-18 15:10 - 2017-04-18 15:10 - 00023964 _____ C:\Users\AurumPC\Desktop\FRST.txt
2017-04-18 15:10 - 2017-04-18 15:10 - 00000000 ____D C:\FRST
2017-04-17 10:44 - 2017-04-17 10:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-17 10:44 - 2017-04-17 10:44 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-17 10:44 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-17 10:44 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-04-17 10:44 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2017-04-17 10:40 - 2017-04-17 10:43 - 00003232 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2017-04-17 10:39 - 2017-04-17 10:43 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
2017-04-17 10:39 - 2017-04-17 10:39 - 00000000 ____D C:\ProgramData\GridinSoft
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\rsit
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\Program Files\trend micro
2017-04-12 16:32 - 2017-03-21 15:11 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-04-12 16:31 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 16:31 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 16:31 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 16:31 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 16:31 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 16:31 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 16:31 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 16:31 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 16:31 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 16:31 - 2017-03-25 20:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-12 16:31 - 2017-03-25 20:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 16:31 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 16:31 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 16:31 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 16:31 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 16:31 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 16:31 - 2017-03-25 19:12 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-04-12 16:31 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 16:31 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 16:31 - 2017-03-25 19:00 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 16:31 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 16:31 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 16:31 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 16:31 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 16:31 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 16:31 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 16:31 - 2017-03-25 06:43 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 16:31 - 2017-03-24 20:24 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 16:31 - 2017-03-14 21:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 16:31 - 2017-03-14 16:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 16:31 - 2017-03-14 16:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 16:31 - 2017-03-14 16:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 16:31 - 2017-03-14 16:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 16:31 - 2017-03-13 18:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 16:31 - 2017-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 16:31 - 2017-03-13 18:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-04-12 16:31 - 2017-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 16:31 - 2017-03-13 17:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 16:31 - 2017-03-13 17:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 16:31 - 2017-03-13 17:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 16:31 - 2017-03-12 17:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-12 16:31 - 2017-03-11 05:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-04-12 16:31 - 2017-03-11 05:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-12 16:31 - 2017-03-11 05:49 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 16:31 - 2017-03-11 05:49 - 00388440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 16:31 - 2017-03-11 05:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 16:31 - 2017-03-11 05:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 16:31 - 2017-03-09 23:13 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 16:31 - 2017-03-09 23:08 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 16:31 - 2017-03-09 21:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 16:31 - 2017-03-08 01:25 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 16:31 - 2017-03-08 01:21 - 01212760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 16:31 - 2017-03-04 21:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 16:31 - 2017-03-04 21:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 16:31 - 2017-03-04 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 16:31 - 2017-03-04 18:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 16:31 - 2017-03-03 17:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 16:31 - 2017-03-03 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 16:31 - 2017-03-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 16:31 - 2017-03-03 17:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 16:31 - 2017-02-11 20:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-04-12 16:31 - 2017-02-11 19:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 16:31 - 2017-02-11 18:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-04-12 16:31 - 2017-02-11 18:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-04-12 16:31 - 2017-02-10 21:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 16:31 - 2017-02-10 16:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-04-12 16:31 - 2017-02-04 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 16:31 - 2017-02-04 19:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 16:31 - 2017-02-04 19:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 16:31 - 2017-02-01 21:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 16:31 - 2017-02-01 21:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 16:31 - 2017-01-21 21:22 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2017-04-12 16:31 - 2017-01-19 04:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-04-12 16:31 - 2017-01-18 16:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 16:31 - 2017-01-18 16:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 16:31 - 2017-01-14 22:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-04-12 16:31 - 2017-01-14 21:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-12 16:31 - 2017-01-14 16:37 - 00447095 _____ C:\Windows\system32\ApnDatabase.xml
2017-04-12 16:31 - 2017-01-12 18:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-04-12 16:31 - 2017-01-12 18:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-04-12 16:31 - 2017-01-12 17:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2017-04-12 16:31 - 2017-01-12 17:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-04-12 16:31 - 2017-01-12 08:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-04-12 16:31 - 2017-01-11 21:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-04-12 16:31 - 2017-01-11 19:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-04-12 16:31 - 2017-01-11 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-04-12 16:31 - 2017-01-11 00:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-12 16:31 - 2017-01-10 23:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-04-12 16:31 - 2017-01-10 22:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-04-12 16:31 - 2017-01-10 21:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-04-12 16:31 - 2017-01-10 21:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-04-12 16:31 - 2017-01-06 19:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-04-12 16:31 - 2017-01-06 19:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-04-12 16:31 - 2016-12-25 03:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-04-12 16:31 - 2016-12-25 03:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-04-12 16:31 - 2016-12-25 02:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-04-12 16:31 - 2016-12-25 02:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-04-12 16:31 - 2016-12-25 01:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-04-12 16:31 - 2016-12-09 10:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-04-08 12:46 - 2017-04-08 12:46 - 00000000 ____D C:\Users\AurumPC\ansel
2017-04-08 12:39 - 2017-04-08 12:39 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Gaijin
2017-04-08 12:39 - 2017-04-08 12:39 - 00000000 ____D C:\ProgramData\Gaijin
2017-03-20 22:36 - 2017-03-20 22:36 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 22:36 - 2017-03-17 02:59 - 01882168 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01470520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-20 22:35 - 2017-03-20 22:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-20 22:35 - 2017-03-17 02:59 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-20 22:35 - 2017-03-17 00:56 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-20 22:35 - 2017-01-26 02:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-20 22:35 - 2017-01-26 02:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-20 22:35 - 2017-01-26 02:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-20 22:35 - 2017-01-26 02:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-20 22:33 - 2017-03-17 02:59 - 40190400 _____ C:\Windows\system32\nvcompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 34952760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 28223544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 17282648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 16400616 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 14434360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 13378096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01053240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00895456 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00492560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00425104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00158264 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00126008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00124352 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00059448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-20 22:33 - 2017-03-17 02:59 - 00000669 _____ C:\Windows\system32\nv-vk64.json
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-18 15:08 - 2015-09-27 18:54 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Battle.net
2017-04-18 15:08 - 2015-09-27 18:54 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-18 15:08 - 2015-05-02 10:50 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-18 15:08 - 2015-05-02 10:49 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A020439-81B6-4D4E-ABFC-DC44CDF9CF67}
2017-04-18 15:06 - 2015-05-02 10:46 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-04-18 15:05 - 2016-07-28 23:26 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e0126111381.job
2017-04-18 15:05 - 2015-05-17 20:34 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-18 15:05 - 2015-05-08 19:24 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Spotify
2017-04-18 15:05 - 2015-05-08 19:23 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Spotify
2017-04-18 15:05 - 2015-05-02 11:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-17 21:37 - 2016-05-11 20:32 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-17 20:09 - 2015-05-02 10:49 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2473894330-3763936804-1510646441-1001
2017-04-17 18:55 - 2017-03-13 17:32 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2017-04-17 13:36 - 2016-01-16 15:30 - 00000000 ____D C:\Users\AurumPC\AppData\Local\CrashDumps
2017-04-17 13:32 - 2016-10-31 16:36 - 00002454 _____ C:\Users\AurumPC\Desktop\Hearthstone Deck Tracker.lnk
2017-04-17 13:32 - 2016-10-31 16:36 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2017-04-17 13:32 - 2016-10-31 16:36 - 00000000 ____D C:\Users\AurumPC\AppData\Local\HearthstoneDeckTracker
2017-04-17 13:32 - 2016-04-26 15:39 - 00000000 ____D C:\Users\AurumPC\AppData\Local\SquirrelTemp
2017-04-17 10:51 - 2015-08-10 22:32 - 00000000 ____D C:\AdwCleaner
2017-04-17 10:38 - 2015-05-03 20:23 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\uTorrent
2017-04-16 23:31 - 2015-05-02 12:00 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\TS3Client
2017-04-15 16:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-04-13 15:23 - 2014-11-21 06:54 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-13 15:23 - 2014-11-21 06:10 - 00738682 _____ C:\Windows\system32\perfh005.dat
2017-04-13 15:23 - 2014-11-21 06:10 - 00151404 _____ C:\Windows\system32\perfc005.dat
2017-04-13 15:23 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-04-13 15:17 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-13 15:17 - 2013-08-22 16:44 - 00390176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 21:51 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-12 16:35 - 2015-05-02 11:36 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 16:33 - 2015-05-02 11:36 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 16:33 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-04-12 16:31 - 2016-07-28 23:26 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1e916c4dabb51
2017-04-12 16:31 - 2016-05-11 20:32 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1abb36884dd2e
2017-04-12 16:31 - 2015-05-17 11:56 - 00004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-12 16:31 - 2015-05-17 11:56 - 00004372 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-12 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-12 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-08 12:46 - 2015-07-12 12:28 - 00000000 ____D C:\Users\AurumPC\Documents\My Games
2017-04-08 12:46 - 2015-05-02 10:46 - 00000000 ____D C:\Users\AurumPC
2017-04-06 16:09 - 2015-05-02 11:26 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 16:09 - 2015-05-02 11:26 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-06 15:58 - 2016-11-08 16:18 - 00002210 _____ C:\Users\AurumPC\Desktop\Innkeeper.lnk
2017-04-06 15:58 - 2016-11-08 16:18 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Innkeeper
2017-04-06 15:58 - 2016-11-08 16:18 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Innkeeper
2017-04-04 19:20 - 2015-09-27 18:56 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-04-01 03:12 - 2016-07-13 17:53 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-01 03:12 - 2016-07-13 17:53 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-24 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-03-24 16:22 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-21 18:40 - 2015-05-02 11:09 - 00000000 ____D C:\Users\AurumPC\AppData\Local\NVIDIA Corporation
2017-03-20 22:36 - 2016-03-29 11:36 - 00000000 ____D C:\Temp
2017-03-20 22:36 - 2015-05-02 10:59 - 00000000 ____D C:\Users\AurumPC\AppData\Local\NVIDIA
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== Files in the root of some directories =======
2016-04-24 19:14 - 2016-04-25 20:52 - 0005571 _____ () C:\Users\AurumPC\AppData\Local\games.txt
2016-03-07 01:07 - 2016-03-07 01:07 - 0007607 _____ () C:\Users\AurumPC\AppData\Local\Resmon.ResmonCfg
2016-04-24 19:14 - 2016-04-25 20:18 - 0000039 _____ () C:\Users\AurumPC\AppData\Local\test.txt
2016-04-24 19:14 - 2016-04-25 20:18 - 0000008 _____ () C:\Users\AurumPC\AppData\Local\version.txt
Some files in TEMP:
====================
2016-10-10 18:38 - 2016-01-26 17:06 - 0344064 _____ (Electronic Arts Inc.) C:\Users\AurumPC\AppData\Local\Temp\eauninstall.exe
2016-02-20 15:46 - 2016-02-09 07:27 - 0720928 _____ (NVIDIA Corporation) C:\Users\AurumPC\AppData\Local\Temp\nvSCPAPI.dll
2016-02-20 15:46 - 2016-08-25 22:50 - 0860776 _____ (NVIDIA Corporation) C:\Users\AurumPC\AppData\Local\Temp\nvSCPAPI64.dll
2016-09-01 17:18 - 2016-08-25 22:49 - 0345024 _____ (NVIDIA Corporation) C:\Users\AurumPC\AppData\Local\Temp\nvStInst.exe
2011-11-03 16:13 - 2011-11-03 16:13 - 1786688 _____ () C:\Users\AurumPC\AppData\Local\Temp\sonarinst.exe
2016-10-10 18:38 - 2016-01-26 16:56 - 0073728 _____ (Electronic Arts Inc.) C:\Users\AurumPC\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
2016-10-10 18:38 - 2016-05-02 18:01 - 0305335 _____ () C:\Users\AurumPC\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-17 20:09
==================== End of FRST.txt ============================
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ec6642f8-f25e-11e4-8261-10bf4888f552} - "G:\SETUP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk [2016-02-06]
ShortcutTarget: GamePark klient 2.lnk -> C:\Program Files\GamePark2\gpcl.exe (Allstar Group, s.r.o.)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 146.185.131.14 mf.svc.nhl.com
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{0BDB15C5-C018-4A2F-874E-4FF49074B1CA}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{46C44E1A-A238-4263-88B2-FA1A3C363169}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{5F5A749D-7C2C-4DA3-B435-25F5391E38CF}: [DhcpNameServer] 62.129.50.20 85.135.32.100
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FireFox:
========
FF DefaultProfile: 4a2qt0lf.default
FF ProfilePath: C:\Users\AurumPC\AppData\Roaming\Mozilla\Firefox\Profiles\4a2qt0lf.default [2017-04-17]
FF Extension: (Cookies Export/import) - C:\Users\AurumPC\AppData\Roaming\Mozilla\Firefox\Profiles\4a2qt0lf.default\Extensions\CookiesIE@yahoo.com.xpi [2016-03-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2473894330-3763936804-1510646441-1001: @my.com/Games -> C:\Users\AurumPC\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @my.com/Games -> C:\Users\AurumPC\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default [2017-04-18]
CHR Extension: (Prezentace Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (BetterTTV) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-03-23]
CHR Extension: (Dokumenty Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Disk Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tabulky Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-17] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-11-28] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1350112 2014-09-16] (ESET)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-08-01] (Echobit LLC)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-16] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-16] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-10-23] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-10-20] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69784 2016-05-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-07] (Disc Soft Ltd)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2015-05-02] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
R3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2015-08-01] (Echobit, LLC)
S3 GX1000MS; C:\Windows\system32\drivers\GX1000MS.sys [25600 2012-06-27] ( )
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2017-04-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-03-17] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47672 2017-03-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-03-17] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-03-17] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-07] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-18 15:10 - 2017-04-18 15:10 - 02424832 _____ (Farbar) C:\Users\AurumPC\Desktop\FRST64.exe
2017-04-18 15:10 - 2017-04-18 15:10 - 00023964 _____ C:\Users\AurumPC\Desktop\FRST.txt
2017-04-18 15:10 - 2017-04-18 15:10 - 00000000 ____D C:\FRST
2017-04-17 10:44 - 2017-04-17 10:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-17 10:44 - 2017-04-17 10:44 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-17 10:44 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-17 10:44 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-04-17 10:44 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2017-04-17 10:40 - 2017-04-17 10:43 - 00003232 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2017-04-17 10:39 - 2017-04-17 10:43 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
2017-04-17 10:39 - 2017-04-17 10:39 - 00000000 ____D C:\ProgramData\GridinSoft
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\rsit
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\Program Files\trend micro
2017-04-12 16:32 - 2017-03-21 15:11 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-04-12 16:31 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 16:31 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 16:31 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 16:31 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 16:31 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 16:31 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 16:31 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 16:31 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 16:31 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 16:31 - 2017-03-25 20:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-12 16:31 - 2017-03-25 20:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 16:31 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 16:31 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 16:31 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 16:31 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 16:31 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 16:31 - 2017-03-25 19:12 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-04-12 16:31 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 16:31 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 16:31 - 2017-03-25 19:00 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 16:31 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 16:31 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 16:31 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 16:31 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 16:31 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 16:31 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 16:31 - 2017-03-25 06:43 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 16:31 - 2017-03-24 20:24 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 16:31 - 2017-03-14 21:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 16:31 - 2017-03-14 16:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 16:31 - 2017-03-14 16:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 16:31 - 2017-03-14 16:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 16:31 - 2017-03-14 16:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 16:31 - 2017-03-13 18:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 16:31 - 2017-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 16:31 - 2017-03-13 18:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-04-12 16:31 - 2017-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 16:31 - 2017-03-13 17:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 16:31 - 2017-03-13 17:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 16:31 - 2017-03-13 17:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 16:31 - 2017-03-12 17:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-12 16:31 - 2017-03-11 05:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-04-12 16:31 - 2017-03-11 05:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-12 16:31 - 2017-03-11 05:49 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 16:31 - 2017-03-11 05:49 - 00388440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 16:31 - 2017-03-11 05:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 16:31 - 2017-03-11 05:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 16:31 - 2017-03-09 23:13 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 16:31 - 2017-03-09 23:08 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 16:31 - 2017-03-09 21:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 16:31 - 2017-03-08 01:25 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 16:31 - 2017-03-08 01:21 - 01212760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 16:31 - 2017-03-04 21:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 16:31 - 2017-03-04 21:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 16:31 - 2017-03-04 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 16:31 - 2017-03-04 18:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 16:31 - 2017-03-03 17:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 16:31 - 2017-03-03 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 16:31 - 2017-03-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 16:31 - 2017-03-03 17:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 16:31 - 2017-02-11 20:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-04-12 16:31 - 2017-02-11 19:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 16:31 - 2017-02-11 18:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-04-12 16:31 - 2017-02-11 18:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-04-12 16:31 - 2017-02-10 21:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 16:31 - 2017-02-10 16:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-04-12 16:31 - 2017-02-04 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 16:31 - 2017-02-04 19:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 16:31 - 2017-02-04 19:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 16:31 - 2017-02-01 21:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 16:31 - 2017-02-01 21:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 16:31 - 2017-01-21 21:22 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2017-04-12 16:31 - 2017-01-19 04:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-04-12 16:31 - 2017-01-18 16:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 16:31 - 2017-01-18 16:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 16:31 - 2017-01-14 22:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-04-12 16:31 - 2017-01-14 21:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-12 16:31 - 2017-01-14 16:37 - 00447095 _____ C:\Windows\system32\ApnDatabase.xml
2017-04-12 16:31 - 2017-01-12 18:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-04-12 16:31 - 2017-01-12 18:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-04-12 16:31 - 2017-01-12 17:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2017-04-12 16:31 - 2017-01-12 17:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-04-12 16:31 - 2017-01-12 08:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-04-12 16:31 - 2017-01-11 21:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-04-12 16:31 - 2017-01-11 19:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-04-12 16:31 - 2017-01-11 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-04-12 16:31 - 2017-01-11 00:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-12 16:31 - 2017-01-10 23:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-04-12 16:31 - 2017-01-10 22:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-04-12 16:31 - 2017-01-10 21:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-04-12 16:31 - 2017-01-10 21:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-04-12 16:31 - 2017-01-06 19:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-04-12 16:31 - 2017-01-06 19:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-04-12 16:31 - 2016-12-25 03:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-04-12 16:31 - 2016-12-25 03:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-04-12 16:31 - 2016-12-25 02:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-04-12 16:31 - 2016-12-25 02:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-04-12 16:31 - 2016-12-25 01:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-04-12 16:31 - 2016-12-09 10:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-04-08 12:46 - 2017-04-08 12:46 - 00000000 ____D C:\Users\AurumPC\ansel
2017-04-08 12:39 - 2017-04-08 12:39 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Gaijin
2017-04-08 12:39 - 2017-04-08 12:39 - 00000000 ____D C:\ProgramData\Gaijin
2017-03-20 22:36 - 2017-03-20 22:36 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 22:36 - 2017-03-17 02:59 - 01882168 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01470520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-20 22:35 - 2017-03-20 22:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-20 22:35 - 2017-03-17 02:59 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-20 22:35 - 2017-03-17 00:56 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-20 22:35 - 2017-01-26 02:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-20 22:35 - 2017-01-26 02:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-20 22:35 - 2017-01-26 02:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-20 22:35 - 2017-01-26 02:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-20 22:33 - 2017-03-17 02:59 - 40190400 _____ C:\Windows\system32\nvcompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 34952760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 28223544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 17282648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 16400616 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 14434360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 13378096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01053240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00895456 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00492560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00425104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00158264 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00126008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00124352 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00059448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-20 22:33 - 2017-03-17 02:59 - 00000669 _____ C:\Windows\system32\nv-vk64.json
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-18 15:08 - 2015-09-27 18:54 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Battle.net
2017-04-18 15:08 - 2015-09-27 18:54 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-18 15:08 - 2015-05-02 10:50 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-18 15:08 - 2015-05-02 10:49 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A020439-81B6-4D4E-ABFC-DC44CDF9CF67}
2017-04-18 15:06 - 2015-05-02 10:46 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-04-18 15:05 - 2016-07-28 23:26 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e0126111381.job
2017-04-18 15:05 - 2015-05-17 20:34 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-18 15:05 - 2015-05-08 19:24 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Spotify
2017-04-18 15:05 - 2015-05-08 19:23 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Spotify
2017-04-18 15:05 - 2015-05-02 11:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-17 21:37 - 2016-05-11 20:32 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-17 20:09 - 2015-05-02 10:49 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2473894330-3763936804-1510646441-1001
2017-04-17 18:55 - 2017-03-13 17:32 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2017-04-17 13:36 - 2016-01-16 15:30 - 00000000 ____D C:\Users\AurumPC\AppData\Local\CrashDumps
2017-04-17 13:32 - 2016-10-31 16:36 - 00002454 _____ C:\Users\AurumPC\Desktop\Hearthstone Deck Tracker.lnk
2017-04-17 13:32 - 2016-10-31 16:36 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2017-04-17 13:32 - 2016-10-31 16:36 - 00000000 ____D C:\Users\AurumPC\AppData\Local\HearthstoneDeckTracker
2017-04-17 13:32 - 2016-04-26 15:39 - 00000000 ____D C:\Users\AurumPC\AppData\Local\SquirrelTemp
2017-04-17 10:51 - 2015-08-10 22:32 - 00000000 ____D C:\AdwCleaner
2017-04-17 10:38 - 2015-05-03 20:23 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\uTorrent
2017-04-16 23:31 - 2015-05-02 12:00 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\TS3Client
2017-04-15 16:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-04-13 15:23 - 2014-11-21 06:54 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-13 15:23 - 2014-11-21 06:10 - 00738682 _____ C:\Windows\system32\perfh005.dat
2017-04-13 15:23 - 2014-11-21 06:10 - 00151404 _____ C:\Windows\system32\perfc005.dat
2017-04-13 15:23 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-04-13 15:17 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-13 15:17 - 2013-08-22 16:44 - 00390176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 21:51 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-12 16:35 - 2015-05-02 11:36 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 16:33 - 2015-05-02 11:36 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 16:33 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-04-12 16:31 - 2016-07-28 23:26 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1e916c4dabb51
2017-04-12 16:31 - 2016-05-11 20:32 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1abb36884dd2e
2017-04-12 16:31 - 2015-05-17 11:56 - 00004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-12 16:31 - 2015-05-17 11:56 - 00004372 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-12 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-12 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-08 12:46 - 2015-07-12 12:28 - 00000000 ____D C:\Users\AurumPC\Documents\My Games
2017-04-08 12:46 - 2015-05-02 10:46 - 00000000 ____D C:\Users\AurumPC
2017-04-06 16:09 - 2015-05-02 11:26 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 16:09 - 2015-05-02 11:26 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-06 15:58 - 2016-11-08 16:18 - 00002210 _____ C:\Users\AurumPC\Desktop\Innkeeper.lnk
2017-04-06 15:58 - 2016-11-08 16:18 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Innkeeper
2017-04-06 15:58 - 2016-11-08 16:18 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Innkeeper
2017-04-04 19:20 - 2015-09-27 18:56 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-04-01 03:12 - 2016-07-13 17:53 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-01 03:12 - 2016-07-13 17:53 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-24 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-03-24 16:22 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-21 18:40 - 2015-05-02 11:09 - 00000000 ____D C:\Users\AurumPC\AppData\Local\NVIDIA Corporation
2017-03-20 22:36 - 2016-03-29 11:36 - 00000000 ____D C:\Temp
2017-03-20 22:36 - 2015-05-02 10:59 - 00000000 ____D C:\Users\AurumPC\AppData\Local\NVIDIA
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== Files in the root of some directories =======
2016-04-24 19:14 - 2016-04-25 20:52 - 0005571 _____ () C:\Users\AurumPC\AppData\Local\games.txt
2016-03-07 01:07 - 2016-03-07 01:07 - 0007607 _____ () C:\Users\AurumPC\AppData\Local\Resmon.ResmonCfg
2016-04-24 19:14 - 2016-04-25 20:18 - 0000039 _____ () C:\Users\AurumPC\AppData\Local\test.txt
2016-04-24 19:14 - 2016-04-25 20:18 - 0000008 _____ () C:\Users\AurumPC\AppData\Local\version.txt
Some files in TEMP:
====================
2016-10-10 18:38 - 2016-01-26 17:06 - 0344064 _____ (Electronic Arts Inc.) C:\Users\AurumPC\AppData\Local\Temp\eauninstall.exe
2016-02-20 15:46 - 2016-02-09 07:27 - 0720928 _____ (NVIDIA Corporation) C:\Users\AurumPC\AppData\Local\Temp\nvSCPAPI.dll
2016-02-20 15:46 - 2016-08-25 22:50 - 0860776 _____ (NVIDIA Corporation) C:\Users\AurumPC\AppData\Local\Temp\nvSCPAPI64.dll
2016-09-01 17:18 - 2016-08-25 22:49 - 0345024 _____ (NVIDIA Corporation) C:\Users\AurumPC\AppData\Local\Temp\nvStInst.exe
2011-11-03 16:13 - 2011-11-03 16:13 - 1786688 _____ () C:\Users\AurumPC\AppData\Local\Temp\sonarinst.exe
2016-10-10 18:38 - 2016-01-26 16:56 - 0073728 _____ (Electronic Arts Inc.) C:\Users\AurumPC\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
2016-10-10 18:38 - 2016-05-02 18:01 - 0305335 _____ () C:\Users\AurumPC\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-17 20:09
==================== End of FRST.txt ============================
- Attachments
- Addition.rar (15.75 KiB), downloaded 78 times
Re: Chrome starts automatically with a Russian page
I wish you a lovely day.
As part of the cleaning, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).
Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just launch it with a double-click)
- click Scan, then Clean
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Chrome starts automatically with a Russian page
AdwCleaner found nothing, but I ran Clean anyway.
# AdwCleaner v6.045 - Logfile created 18/04/2017 at 21:04:33
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-18.1 [Server]
# Operating System : Windows 8.1 Pro with Media Center (X64)
# Username : AurumPC - AURUM
# Running from : C:\Users\AurumPC\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1646 Bytes] - [27/06/2016 15:45:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [1117 Bytes] - [25/11/2015 22:26:13]
C:\AdwCleaner\AdwCleaner[C3].txt - [1634 Bytes] - [29/11/2016 20:22:16]
C:\AdwCleaner\AdwCleaner[C4].txt - [988 Bytes] - [18/04/2017 21:04:33]
C:\AdwCleaner\AdwCleaner[R0].txt - [760 Bytes] - [10/08/2015 22:33:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [821 Bytes] - [10/08/2015 22:33:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [2512 Bytes] - [22/02/2016 16:39:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [1000 Bytes] - [25/11/2015 22:25:21]
C:\AdwCleaner\AdwCleaner[S3].txt - [1585 Bytes] - [17/08/2016 18:24:27]
C:\AdwCleaner\AdwCleaner[S4].txt - [1691 Bytes] - [29/11/2016 20:20:50]
C:\AdwCleaner\AdwCleaner[S5].txt - [1799 Bytes] - [15/04/2017 16:22:45]
C:\AdwCleaner\AdwCleaner[S6].txt - [1876 Bytes] - [17/04/2017 10:51:08]
C:\AdwCleaner\AdwCleaner[S7].txt - [1962 Bytes] - [18/04/2017 21:04:27]
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1715 Bytes] ##########
Re: Chrome starts automatically with a Russian page
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (File type: Text document)
- run FRST again and click Fix
- after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply
Code:
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
File: C:\Users\AurumPC\AppData\Local\Innkeeper\Update.exe
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {01687777-3643-11e6-82ae-10bf4888f552} - "H:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {39adda07-450e-11e5-8275-10bf4888f552} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {5327a58a-aa30-11e5-828d-10bf4888f552} - "I:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {b9b45338-bb91-11e5-828f-10bf4888f552} - "J:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {d0e75dcf-86eb-11e5-8280-10bf4888f552} - "H:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {ec6642f8-f25e-11e4-8261-10bf4888f552} - "G:\SETUP.EXE"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {01687777-3643-11e6-82ae-10bf4888f552} - "H:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {39adda07-450e-11e5-8275-10bf4888f552} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5327a58a-aa30-11e5-828d-10bf4888f552} - "I:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b9b45338-bb91-11e5-828f-10bf4888f552} - "J:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d0e75dcf-86eb-11e5-8280-10bf4888f552} - "H:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ec6642f8-f25e-11e4-8261-10bf4888f552} - "G:\SETUP.EXE"
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\rsit
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\Program Files\trend micro
Task: {073FD440-F9A8-4015-BFF8-F7AEE78DD9D4} - System32\Tasks\{6973C801-646B-45D4-8754-5DCA9729E296} => pcalua.exe -a H:\OnePlus_setup.exe -d H:\ -c /s
Task: {14F67B75-025B-4C7E-970F-D270586D70CE} - System32\Tasks\AurumPC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v AurumPC /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
Task: {D8543457-74F4-4DBB-8404-713EA02395B9} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-02] ()
C:\Windows\AutoKMS
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090d0288befdb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfe4e1e35f22.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2a25feb20a8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f2b5ab3ea1a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ea96aceabb1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e0126111381.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
CMD: ipconfig /flushdns
CMD: REG delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v AurumPC /f
Hosts:
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Chrome starts automatically with a Russian page
FRST ran for about an hour and a half and still did not finish, so I had to shut it down myself. There is a log, but the problem still remains.
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by AurumPC (19-04-2017 15:28:02) Run:1
Running from C:\Users\AurumPC\Desktop
Loaded Profiles: AurumPC (Available Profiles: AurumPC)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
File: C:\Users\AurumPC\AppData\Local\Innkeeper\Update.exe
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {01687777-3643-11e6-82ae-10bf4888f552} - "H:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {39adda07-450e-11e5-8275-10bf4888f552} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {5327a58a-aa30-11e5-828d-10bf4888f552} - "I:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {b9b45338-bb91-11e5-828f-10bf4888f552} - "J:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {d0e75dcf-86eb-11e5-8280-10bf4888f552} - "H:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\MountPoints2: {ec6642f8-f25e-11e4-8261-10bf4888f552} - "G:\SETUP.EXE"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {01687777-3643-11e6-82ae-10bf4888f552} - "H:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {39adda07-450e-11e5-8275-10bf4888f552} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5327a58a-aa30-11e5-828d-10bf4888f552} - "I:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b9b45338-bb91-11e5-828f-10bf4888f552} - "J:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d0e75dcf-86eb-11e5-8280-10bf4888f552} - "H:\setup.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ec6642f8-f25e-11e4-8261-10bf4888f552} - "G:\SETUP.EXE"
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\rsit
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\Program Files\trend micro
Task: {073FD440-F9A8-4015-BFF8-F7AEE78DD9D4} - System32\Tasks\{6973C801-646B-45D4-8754-5DCA9729E296} => pcalua.exe -a H:\OnePlus_setup.exe -d H:\ -c /s
Task: {14F67B75-025B-4C7E-970F-D270586D70CE} - System32\Tasks\AurumPC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v AurumPC /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
Task: {D8543457-74F4-4DBB-8404-713EA02395B9} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-02] ()
C:\Windows\AutoKMS
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090d0288befdb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfe4e1e35f22.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2a25feb20a8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f2b5ab3ea1a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ea96aceabb1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e0126111381.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
CMD: ipconfig /flushdns
CMD: REG delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v AurumPC /f
Hosts:
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
========================= File: C:\Users\AurumPC\AppData\Local\Innkeeper\Update.exe ========================
File is digitally signed
MD5: B5C4ACBDE04508B5FB5E3B04CEC04334
Creation and modification date: 2016-11-08 16:18 - 2016-07-12 14:20
Size: 1888136
Attributes: ----A
Company Name: Innkeeper
Internal Name: Update.exe
Original Name: Update.exe
Product: Innkeeper Update
Description: Update.exe
File Version: 1.0.4.0
Product Version: 1.0.4.0
Copyright: Copyright (c) 2009
====== End of File: ======
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AurumPC => value removed successfully
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01687777-3643-11e6-82ae-10bf4888f552} => key removed successfully
HKCR\CLSID\{01687777-3643-11e6-82ae-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39adda07-450e-11e5-8275-10bf4888f552} => key removed successfully
HKCR\CLSID\{39adda07-450e-11e5-8275-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5327a58a-aa30-11e5-828d-10bf4888f552} => key removed successfully
HKCR\CLSID\{5327a58a-aa30-11e5-828d-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9b45338-bb91-11e5-828f-10bf4888f552} => key removed successfully
HKCR\CLSID\{b9b45338-bb91-11e5-828f-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e75dcf-86eb-11e5-8280-10bf4888f552} => key removed successfully
HKCR\CLSID\{d0e75dcf-86eb-11e5-8280-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec6642f8-f25e-11e4-8261-10bf4888f552} => key removed successfully
HKCR\CLSID\{ec6642f8-f25e-11e4-8261-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {01687777-3643-11e6-82ae-10bf4888f552} - "H:\OnePlus_setup.exe" /s => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {39adda07-450e-11e5-8275-10bf4888f552} - "G:\LaunchU3.exe" -a => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5327a58a-aa30-11e5-828d-10bf4888f552} - "I:\setup.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b9b45338-bb91-11e5-828f-10bf4888f552} - "J:\setup.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d0e75dcf-86eb-11e5-8280-10bf4888f552} - "H:\setup.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ec6642f8-f25e-11e4-8261-10bf4888f552} - "G:\SETUP.EXE" => Error: No automatic fix found for this entry.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
========================= File: C:\Users\AurumPC\AppData\Local\Innkeeper\Update.exe ========================
File is digitally signed
MD5: B5C4ACBDE04508B5FB5E3B04CEC04334
Creation and modification date: 2016-11-08 16:18 - 2016-07-12 14:20
Size: 1888136
Attributes: ----A
Company Name: Innkeeper
Internal Name: Update.exe
Original Name: Update.exe
Product: Innkeeper Update
Description: Update.exe
File Version: 1.0.4.0
Product Version: 1.0.4.0
Copyright: Copyright (c) 2009
====== End of File: ======
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AurumPC => value removed successfully
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01687777-3643-11e6-82ae-10bf4888f552} => key removed successfully
HKCR\CLSID\{01687777-3643-11e6-82ae-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39adda07-450e-11e5-8275-10bf4888f552} => key removed successfully
HKCR\CLSID\{39adda07-450e-11e5-8275-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5327a58a-aa30-11e5-828d-10bf4888f552} => key removed successfully
HKCR\CLSID\{5327a58a-aa30-11e5-828d-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9b45338-bb91-11e5-828f-10bf4888f552} => key removed successfully
HKCR\CLSID\{b9b45338-bb91-11e5-828f-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e75dcf-86eb-11e5-8280-10bf4888f552} => key removed successfully
HKCR\CLSID\{d0e75dcf-86eb-11e5-8280-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec6642f8-f25e-11e4-8261-10bf4888f552} => key removed successfully
HKCR\CLSID\{ec6642f8-f25e-11e4-8261-10bf4888f552} => key not found.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {01687777-3643-11e6-82ae-10bf4888f552} - "H:\OnePlus_setup.exe" /s => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {39adda07-450e-11e5-8275-10bf4888f552} - "G:\LaunchU3.exe" -a => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5327a58a-aa30-11e5-828d-10bf4888f552} - "I:\setup.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b9b45338-bb91-11e5-828f-10bf4888f552} - "J:\setup.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d0e75dcf-86eb-11e5-8280-10bf4888f552} - "H:\setup.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ec6642f8-f25e-11e4-8261-10bf4888f552} - "G:\SETUP.EXE" => Error: No automatic fix found for this entry.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Re: Chrome starts automatically with a Russian page
Fixlist operations usually take a few minutes at most. Same procedure, this time with this fixlist:
Start
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\rsit
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\Program Files\trend micro
Task: {073FD440-F9A8-4015-BFF8-F7AEE78DD9D4} - System32\Tasks\{6973C801-646B-45D4-8754-5DCA9729E296} => pcalua.exe -a H:\OnePlus_setup.exe -d H:\ -c /s
Task: {14F67B75-025B-4C7E-970F-D270586D70CE} - System32\Tasks\AurumPC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v AurumPC /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
Task: {D8543457-74F4-4DBB-8404-713EA02395B9} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-02] ()
C:\Windows\AutoKMS
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090d0288befdb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfe4e1e35f22.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2a25feb20a8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f2b5ab3ea1a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ea96aceabb1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e0126111381.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Chrome starts automatically with a Russian page
It has finished now, but it did not help. I will probably just reinstall everything and be done with it.
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by AurumPC (19-04-2017 17:26:33) Run:2
Running from C:\Users\AurumPC\Desktop
Loaded Profiles: AurumPC (Available Profiles: AurumPC)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\rsit
2017-04-17 10:06 - 2017-04-17 10:06 - 00000000 ____D C:\Program Files\trend micro
Task: {073FD440-F9A8-4015-BFF8-F7AEE78DD9D4} - System32\Tasks\{6973C801-646B-45D4-8754-5DCA9729E296} => pcalua.exe -a H:\OnePlus_setup.exe -d H:\ -c /s
Task: {14F67B75-025B-4C7E-970F-D270586D70CE} - System32\Tasks\AurumPC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v AurumPC /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
Task: {D8543457-74F4-4DBB-8404-713EA02395B9} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-02] ()
C:\Windows\AutoKMS
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090d0288befdb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfe4e1e35f22.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2a25feb20a8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f2b5ab3ea1a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ea96aceabb1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e0126111381.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{073FD440-F9A8-4015-BFF8-F7AEE78DD9D4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{073FD440-F9A8-4015-BFF8-F7AEE78DD9D4} => key removed successfully
C:\Windows\System32\Tasks\{6973C801-646B-45D4-8754-5DCA9729E296} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6973C801-646B-45D4-8754-5DCA9729E296} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{14F67B75-025B-4C7E-970F-D270586D70CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14F67B75-025B-4C7E-970F-D270586D70CE} => key removed successfully
C:\Windows\System32\Tasks\AurumPC => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AurumPC => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D8543457-74F4-4DBB-8404-713EA02395B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8543457-74F4-4DBB-8404-713EA02395B9} => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
C:\Windows\AutoKMS => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090d0288befdb.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfe4e1e35f22.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2a25feb20a8.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f2b5ab3ea1a0.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ea96aceabb1.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e0126111381.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 51015760 B
Java, Flash, Steam htmlcache => 502713917 B
Windows/system/drivers => 46948148 B
Edge => 0 B
Chrome => 751553329 B
Firefox => 9587945 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 54216 B
NetworkService => 1818624 B
AurumPC => 398536531 B
RecycleBin => 84209 B
EmptyTemp: => 1.7 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 17:26:38 ====
Re: Chrome starts automatically with a Russian page
Aurum91 wrote: It has finished now, but it did not help. I will probably just reinstall everything and be done with it.
That is unnecessary now. Please post new FRST.txt and Addition.txt logs.
Re: Chrome starts automatically with a Russian page
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by AurumPC (administrator) on AURUM (19-04-2017 17:51:38)
Running from C:\Users\AurumPC\Desktop
Loaded Profiles: AurumPC (Available Profiles: AurumPC)
Platform: Windows 8.1 Pro with Media Center (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
() C:\Windows\System32\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Innkeeper) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Innkeeper.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Gaijin Entertainment) C:\Users\AurumPC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\AurumPC\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2015-05-02] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2014-09-22] (ESET)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUS GX1000] => C:\Program Files (x86)\ASUS\ASUS ROG Gaming Mouse GX1000\Hid.exe [1854976 2012-10-25] (ASUS)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-05-24] (Razer Inc.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044816 2017-03-16] (Electronic Arts)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2015-11-11] (Echobit LLC)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Spotify] => C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe [7064176 2017-04-19] (Spotify Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [MyComGames] => C:\Users\AurumPC\AppData\Local\MyComGames\MyComGames.exe [4825968 2016-03-03] (MY.COM B.V.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Spotify Web Helper] => C:\Users\AurumPC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-19] (Spotify Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [World of Tanks] => "D:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Innkeeper] => C:\Users\AurumPC\AppData\Local\Innkeeper\Update.exe --processStart Innkeeper.exe --process-start-args="-startup"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Gaijin.Net Agent] => C:\Users\AurumPC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2012616 2017-04-18] (Gaijin Entertainment)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk [2016-02-06]
ShortcutTarget: GamePark klient 2.lnk -> C:\Program Files\GamePark2\gpcl.exe (Allstar Group, s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{0BDB15C5-C018-4A2F-874E-4FF49074B1CA}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{46C44E1A-A238-4263-88B2-FA1A3C363169}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{5F5A749D-7C2C-4DA3-B435-25F5391E38CF}: [DhcpNameServer] 62.129.50.20 85.135.32.100
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FireFox:
========
FF DefaultProfile: 4a2qt0lf.default
FF ProfilePath: C:\Users\AurumPC\AppData\Roaming\Mozilla\Firefox\Profiles\4a2qt0lf.default [2017-04-19]
FF Extension: (Cookies Export/import) - C:\Users\AurumPC\AppData\Roaming\Mozilla\Firefox\Profiles\4a2qt0lf.default\Extensions\CookiesIE@yahoo.com.xpi [2016-03-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2473894330-3763936804-1510646441-1001: @my.com/Games -> C:\Users\AurumPC\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Prezentace Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (BetterTTV) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-03-23]
CHR Extension: (Dokumenty Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Disk Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tabulky Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-17] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-11-28] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1350112 2014-09-16] (ESET)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-08-01] (Echobit LLC)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-16] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-16] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-10-23] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-10-20] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69784 2016-05-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-07] (Disc Soft Ltd)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2015-05-02] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
R3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2015-08-01] (Echobit, LLC)
S3 GX1000MS; C:\Windows\system32\drivers\GX1000MS.sys [25600 2012-06-27] ( )
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2017-04-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-03-17] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47672 2017-03-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-03-17] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-03-17] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-07] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-18 21:03 - 2017-04-18 21:03 - 04089296 _____ C:\Users\AurumPC\Desktop\adwcleaner_6.045.exe
2017-04-18 15:10 - 2017-04-19 17:51 - 00017210 _____ C:\Users\AurumPC\Desktop\FRST.txt
2017-04-18 15:10 - 2017-04-19 17:51 - 00000000 ____D C:\FRST
2017-04-18 15:10 - 2017-04-18 15:10 - 02424832 _____ (Farbar) C:\Users\AurumPC\Desktop\FRST64.exe
2017-04-17 10:44 - 2017-04-17 10:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-17 10:44 - 2017-04-17 10:44 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-17 10:44 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-17 10:44 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-04-17 10:44 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2017-04-17 10:40 - 2017-04-17 10:43 - 00003232 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2017-04-17 10:39 - 2017-04-18 21:04 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
2017-04-17 10:39 - 2017-04-17 10:39 - 00000000 ____D C:\ProgramData\GridinSoft
2017-04-12 16:32 - 2017-03-21 15:11 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-04-12 16:31 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 16:31 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 16:31 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 16:31 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 16:31 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 16:31 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 16:31 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 16:31 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 16:31 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 16:31 - 2017-03-25 20:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-12 16:31 - 2017-03-25 20:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 16:31 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 16:31 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 16:31 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 16:31 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 16:31 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 16:31 - 2017-03-25 19:12 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-04-12 16:31 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 16:31 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 16:31 - 2017-03-25 19:00 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 16:31 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 16:31 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 16:31 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 16:31 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 16:31 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 16:31 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 16:31 - 2017-03-25 06:43 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 16:31 - 2017-03-24 20:24 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 16:31 - 2017-03-14 21:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 16:31 - 2017-03-14 16:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 16:31 - 2017-03-14 16:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 16:31 - 2017-03-14 16:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 16:31 - 2017-03-14 16:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 16:31 - 2017-03-13 18:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 16:31 - 2017-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 16:31 - 2017-03-13 18:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-04-12 16:31 - 2017-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 16:31 - 2017-03-13 17:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 16:31 - 2017-03-13 17:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 16:31 - 2017-03-13 17:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 16:31 - 2017-03-12 17:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-12 16:31 - 2017-03-11 05:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-04-12 16:31 - 2017-03-11 05:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-12 16:31 - 2017-03-11 05:49 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 16:31 - 2017-03-11 05:49 - 00388440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 16:31 - 2017-03-11 05:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 16:31 - 2017-03-11 05:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 16:31 - 2017-03-09 23:13 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 16:31 - 2017-03-09 23:08 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 16:31 - 2017-03-09 21:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 16:31 - 2017-03-08 01:25 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 16:31 - 2017-03-08 01:21 - 01212760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 16:31 - 2017-03-04 21:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 16:31 - 2017-03-04 21:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 16:31 - 2017-03-04 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 16:31 - 2017-03-04 18:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 16:31 - 2017-03-03 17:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 16:31 - 2017-03-03 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 16:31 - 2017-03-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 16:31 - 2017-03-03 17:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 16:31 - 2017-02-11 20:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-04-12 16:31 - 2017-02-11 19:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 16:31 - 2017-02-11 18:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-04-12 16:31 - 2017-02-11 18:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-04-12 16:31 - 2017-02-10 21:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 16:31 - 2017-02-10 16:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-04-12 16:31 - 2017-02-04 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 16:31 - 2017-02-04 19:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 16:31 - 2017-02-04 19:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 16:31 - 2017-02-01 21:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 16:31 - 2017-02-01 21:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 16:31 - 2017-01-21 21:22 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2017-04-12 16:31 - 2017-01-19 04:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-04-12 16:31 - 2017-01-18 16:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 16:31 - 2017-01-18 16:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 16:31 - 2017-01-14 22:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-04-12 16:31 - 2017-01-14 21:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-12 16:31 - 2017-01-14 16:37 - 00447095 _____ C:\Windows\system32\ApnDatabase.xml
2017-04-12 16:31 - 2017-01-12 18:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-04-12 16:31 - 2017-01-12 18:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-04-12 16:31 - 2017-01-12 17:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2017-04-12 16:31 - 2017-01-12 17:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-04-12 16:31 - 2017-01-12 08:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-04-12 16:31 - 2017-01-11 21:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-04-12 16:31 - 2017-01-11 19:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-04-12 16:31 - 2017-01-11 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-04-12 16:31 - 2017-01-11 00:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-12 16:31 - 2017-01-10 23:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-04-12 16:31 - 2017-01-10 22:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-04-12 16:31 - 2017-01-10 21:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-04-12 16:31 - 2017-01-10 21:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-04-12 16:31 - 2017-01-06 19:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-04-12 16:31 - 2017-01-06 19:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-04-12 16:31 - 2016-12-25 03:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-04-12 16:31 - 2016-12-25 03:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-04-12 16:31 - 2016-12-25 02:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-04-12 16:31 - 2016-12-25 02:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-04-12 16:31 - 2016-12-25 01:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-04-12 16:31 - 2016-12-09 10:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-04-08 12:46 - 2017-04-08 12:46 - 00000000 ____D C:\Users\AurumPC\ansel
2017-04-08 12:39 - 2017-04-08 12:39 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Gaijin
2017-04-08 12:39 - 2017-04-08 12:39 - 00000000 ____D C:\ProgramData\Gaijin
2017-03-20 22:36 - 2017-03-20 22:36 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 22:36 - 2017-03-17 02:59 - 01882168 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01470520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-20 22:35 - 2017-03-20 22:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-20 22:35 - 2017-03-17 02:59 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-20 22:35 - 2017-03-17 00:56 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-20 22:35 - 2017-01-26 02:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-20 22:35 - 2017-01-26 02:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-20 22:35 - 2017-01-26 02:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-20 22:35 - 2017-01-26 02:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-20 22:33 - 2017-03-17 02:59 - 40190400 _____ C:\Windows\system32\nvcompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 34952760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 28223544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 17282648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 16400616 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 14434360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 13378096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01053240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00895456 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00492560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00425104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00158264 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00126008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00124352 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00059448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-20 22:33 - 2017-03-17 02:59 - 00000669 _____ C:\Windows\system32\nv-vk64.json
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-19 17:43 - 2014-11-21 06:54 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-19 17:43 - 2014-11-21 06:10 - 00738682 _____ C:\Windows\system32\perfh005.dat
2017-04-19 17:43 - 2014-11-21 06:10 - 00151404 _____ C:\Windows\system32\perfc005.dat
2017-04-19 17:43 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-04-19 17:42 - 2015-05-02 11:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-19 17:37 - 2015-05-08 19:24 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Spotify
2017-04-19 17:37 - 2015-05-08 19:23 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Spotify
2017-04-19 17:36 - 2015-05-02 10:50 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-19 17:36 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-19 17:31 - 2016-01-16 15:30 - 00000000 ____D C:\Users\AurumPC\AppData\Local\CrashDumps
2017-04-19 17:31 - 2015-05-07 20:28 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\DAEMON Tools Lite
2017-04-19 17:31 - 2015-05-03 19:00 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\MPC-HC
2017-04-19 17:31 - 2015-05-02 14:34 - 00000000 ____D C:\Windows\Minidump
2017-04-19 17:31 - 2015-05-02 12:00 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\TS3Client
2017-04-19 17:27 - 2015-11-11 21:19 - 00000000 ____D C:\Users\AurumPC\AppData\LocalLow\Temp
2017-04-19 17:12 - 2016-03-04 19:21 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-04-19 15:28 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-19 15:28 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-04-19 15:25 - 2015-05-02 10:49 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A020439-81B6-4D4E-ABFC-DC44CDF9CF67}
2017-04-18 21:23 - 2015-09-27 18:54 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Battle.net
2017-04-18 21:23 - 2015-09-27 18:54 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-18 21:04 - 2015-08-10 22:32 - 00000000 ____D C:\AdwCleaner
2017-04-18 21:04 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-17 20:09 - 2015-05-02 10:49 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2473894330-3763936804-1510646441-1001
2017-04-17 18:55 - 2017-03-13 17:32 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2017-04-17 13:32 - 2016-10-31 16:36 - 00002454 _____ C:\Users\AurumPC\Desktop\Hearthstone Deck Tracker.lnk
2017-04-17 13:32 - 2016-10-31 16:36 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2017-04-17 13:32 - 2016-10-31 16:36 - 00000000 ____D C:\Users\AurumPC\AppData\Local\HearthstoneDeckTracker
2017-04-17 13:32 - 2016-04-26 15:39 - 00000000 ____D C:\Users\AurumPC\AppData\Local\SquirrelTemp
2017-04-17 10:38 - 2015-05-03 20:23 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\uTorrent
2017-04-15 16:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-04-13 15:17 - 2013-08-22 16:44 - 00390176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 16:35 - 2015-05-02 11:36 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 16:33 - 2015-05-02 11:36 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 16:33 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-04-12 16:31 - 2016-07-28 23:26 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1e916c4dabb51
2017-04-12 16:31 - 2016-05-11 20:32 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1abb36884dd2e
2017-04-12 16:31 - 2015-05-17 11:56 - 00004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-12 16:31 - 2015-05-17 11:56 - 00004372 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-12 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-12 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-08 12:46 - 2015-07-12 12:28 - 00000000 ____D C:\Users\AurumPC\Documents\My Games
2017-04-08 12:46 - 2015-05-02 10:46 - 00000000 ____D C:\Users\AurumPC
2017-04-06 16:09 - 2015-05-02 11:26 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 16:09 - 2015-05-02 11:26 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-06 15:58 - 2016-11-08 16:18 - 00002210 _____ C:\Users\AurumPC\Desktop\Innkeeper.lnk
2017-04-06 15:58 - 2016-11-08 16:18 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Innkeeper
2017-04-06 15:58 - 2016-11-08 16:18 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Innkeeper
2017-04-04 19:20 - 2015-09-27 18:56 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-04-01 03:12 - 2016-07-13 17:53 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-01 03:12 - 2016-07-13 17:53 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-24 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-03-24 16:22 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-21 18:40 - 2015-05-02 11:09 - 00000000 ____D C:\Users\AurumPC\AppData\Local\NVIDIA Corporation
2017-03-20 22:36 - 2016-03-29 11:36 - 00000000 ____D C:\Temp
2017-03-20 22:36 - 2015-05-02 10:59 - 00000000 ____D C:\Users\AurumPC\AppData\Local\NVIDIA
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== Files in the root of some directories =======
2016-04-24 19:14 - 2016-04-25 20:52 - 0005571 _____ () C:\Users\AurumPC\AppData\Local\games.txt
2016-03-07 01:07 - 2016-03-07 01:07 - 0007607 _____ () C:\Users\AurumPC\AppData\Local\Resmon.ResmonCfg
2016-04-24 19:14 - 2016-04-25 20:18 - 0000039 _____ () C:\Users\AurumPC\AppData\Local\test.txt
2016-04-24 19:14 - 2016-04-25 20:18 - 0000008 _____ () C:\Users\AurumPC\AppData\Local\version.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-17 20:09
==================== End of FRST.txt ============================
Ran by AurumPC (administrator) on AURUM (19-04-2017 17:51:38)
Running from C:\Users\AurumPC\Desktop
Loaded Profiles: AurumPC (Available Profiles: AurumPC)
Platform: Windows 8.1 Pro with Media Center (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
() C:\Windows\System32\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Innkeeper) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Innkeeper.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Spotify Ltd) C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe
(Gaijin Entertainment) C:\Users\AurumPC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(GitHub, Inc.) C:\Users\AurumPC\AppData\Local\Innkeeper\app-0.4.3\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\AurumPC\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2015-05-02] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2014-09-22] (ESET)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUS GX1000] => C:\Program Files (x86)\ASUS\ASUS ROG Gaming Mouse GX1000\Hid.exe [1854976 2012-10-25] (ASUS)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-05-24] (Razer Inc.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044816 2017-03-16] (Electronic Arts)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2015-11-11] (Echobit LLC)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Spotify] => C:\Users\AurumPC\AppData\Roaming\Spotify\Spotify.exe [7064176 2017-04-19] (Spotify Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [MyComGames] => C:\Users\AurumPC\AppData\Local\MyComGames\MyComGames.exe [4825968 2016-03-03] (MY.COM B.V.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Spotify Web Helper] => C:\Users\AurumPC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-19] (Spotify Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [World of Tanks] => "D:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Innkeeper] => C:\Users\AurumPC\AppData\Local\Innkeeper\Update.exe --processStart Innkeeper.exe --process-start-args="-startup"
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [Gaijin.Net Agent] => C:\Users\AurumPC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2012616 2017-04-18] (Gaijin Entertainment)
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk [2016-02-06]
ShortcutTarget: GamePark klient 2.lnk -> C:\Program Files\GamePark2\gpcl.exe (Allstar Group, s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{0BDB15C5-C018-4A2F-874E-4FF49074B1CA}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{46C44E1A-A238-4263-88B2-FA1A3C363169}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{5F5A749D-7C2C-4DA3-B435-25F5391E38CF}: [DhcpNameServer] 62.129.50.20 85.135.32.100
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FireFox:
========
FF DefaultProfile: 4a2qt0lf.default
FF ProfilePath: C:\Users\AurumPC\AppData\Roaming\Mozilla\Firefox\Profiles\4a2qt0lf.default [2017-04-19]
FF Extension: (Cookies Export/import) - C:\Users\AurumPC\AppData\Roaming\Mozilla\Firefox\Profiles\4a2qt0lf.default\Extensions\CookiesIE@yahoo.com.xpi [2016-03-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2473894330-3763936804-1510646441-1001: @my.com/Games -> C:\Users\AurumPC\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Prezentace Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (BetterTTV) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-03-23]
CHR Extension: (Dokumenty Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Disk Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tabulky Google) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\AurumPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-17] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-11-28] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1350112 2014-09-16] (ESET)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-08-01] (Echobit LLC)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-16] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-16] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-10-23] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-10-20] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69784 2016-05-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-07] (Disc Soft Ltd)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2015-05-02] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
R3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2015-08-01] (Echobit, LLC)
S3 GX1000MS; C:\Windows\system32\drivers\GX1000MS.sys [25600 2012-06-27] ( )
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2017-04-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-03-17] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47672 2017-03-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-03-17] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-03-17] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-07] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-18 21:03 - 2017-04-18 21:03 - 04089296 _____ C:\Users\AurumPC\Desktop\adwcleaner_6.045.exe
2017-04-18 15:10 - 2017-04-19 17:51 - 00017210 _____ C:\Users\AurumPC\Desktop\FRST.txt
2017-04-18 15:10 - 2017-04-19 17:51 - 00000000 ____D C:\FRST
2017-04-18 15:10 - 2017-04-18 15:10 - 02424832 _____ (Farbar) C:\Users\AurumPC\Desktop\FRST64.exe
2017-04-17 10:44 - 2017-04-17 10:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-17 10:44 - 2017-04-17 10:44 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-17 10:44 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-17 10:44 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-04-17 10:44 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2017-04-17 10:40 - 2017-04-17 10:43 - 00003232 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2017-04-17 10:39 - 2017-04-18 21:04 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
2017-04-17 10:39 - 2017-04-17 10:39 - 00000000 ____D C:\ProgramData\GridinSoft
2017-04-12 16:32 - 2017-03-21 15:11 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-04-12 16:32 - 2017-03-21 15:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-04-12 16:31 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 16:31 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 16:31 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 16:31 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 16:31 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 16:31 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 16:31 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 16:31 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 16:31 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 16:31 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 16:31 - 2017-03-25 20:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-12 16:31 - 2017-03-25 20:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 16:31 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 16:31 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 16:31 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 16:31 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 16:31 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 16:31 - 2017-03-25 19:12 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-04-12 16:31 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 16:31 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 16:31 - 2017-03-25 19:00 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 16:31 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 16:31 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 16:31 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 16:31 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 16:31 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 16:31 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 16:31 - 2017-03-25 06:43 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 16:31 - 2017-03-24 20:24 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 16:31 - 2017-03-14 21:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 16:31 - 2017-03-14 16:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 16:31 - 2017-03-14 16:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 16:31 - 2017-03-14 16:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 16:31 - 2017-03-14 16:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 16:31 - 2017-03-13 18:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 16:31 - 2017-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 16:31 - 2017-03-13 18:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-04-12 16:31 - 2017-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 16:31 - 2017-03-13 17:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 16:31 - 2017-03-13 17:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 16:31 - 2017-03-13 17:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 16:31 - 2017-03-12 17:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-12 16:31 - 2017-03-11 05:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-04-12 16:31 - 2017-03-11 05:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-12 16:31 - 2017-03-11 05:49 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 16:31 - 2017-03-11 05:49 - 00388440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 16:31 - 2017-03-11 05:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 16:31 - 2017-03-11 05:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 16:31 - 2017-03-09 23:13 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 16:31 - 2017-03-09 23:08 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 16:31 - 2017-03-09 21:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 16:31 - 2017-03-08 01:25 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 16:31 - 2017-03-08 01:21 - 01212760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 16:31 - 2017-03-04 21:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 16:31 - 2017-03-04 21:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 16:31 - 2017-03-04 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 16:31 - 2017-03-04 18:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 16:31 - 2017-03-03 17:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 16:31 - 2017-03-03 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 16:31 - 2017-03-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 16:31 - 2017-03-03 17:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 16:31 - 2017-02-11 20:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-04-12 16:31 - 2017-02-11 19:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 16:31 - 2017-02-11 18:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-04-12 16:31 - 2017-02-11 18:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-04-12 16:31 - 2017-02-10 21:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 16:31 - 2017-02-10 16:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-04-12 16:31 - 2017-02-04 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 16:31 - 2017-02-04 19:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 16:31 - 2017-02-04 19:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 16:31 - 2017-02-01 21:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 16:31 - 2017-02-01 21:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 16:31 - 2017-01-21 21:22 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2017-04-12 16:31 - 2017-01-19 04:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-04-12 16:31 - 2017-01-18 16:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 16:31 - 2017-01-18 16:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 16:31 - 2017-01-14 22:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-04-12 16:31 - 2017-01-14 21:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-12 16:31 - 2017-01-14 16:37 - 00447095 _____ C:\Windows\system32\ApnDatabase.xml
2017-04-12 16:31 - 2017-01-12 18:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-04-12 16:31 - 2017-01-12 18:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-04-12 16:31 - 2017-01-12 17:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2017-04-12 16:31 - 2017-01-12 17:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-04-12 16:31 - 2017-01-12 08:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-04-12 16:31 - 2017-01-11 21:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-04-12 16:31 - 2017-01-11 19:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-04-12 16:31 - 2017-01-11 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-04-12 16:31 - 2017-01-11 00:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-12 16:31 - 2017-01-10 23:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-04-12 16:31 - 2017-01-10 22:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-04-12 16:31 - 2017-01-10 21:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-04-12 16:31 - 2017-01-10 21:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-04-12 16:31 - 2017-01-06 19:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-04-12 16:31 - 2017-01-06 19:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-04-12 16:31 - 2016-12-25 03:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-04-12 16:31 - 2016-12-25 03:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-04-12 16:31 - 2016-12-25 02:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-04-12 16:31 - 2016-12-25 02:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-04-12 16:31 - 2016-12-25 01:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-04-12 16:31 - 2016-12-09 10:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-04-08 12:46 - 2017-04-08 12:46 - 00000000 ____D C:\Users\AurumPC\ansel
2017-04-08 12:39 - 2017-04-08 12:39 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Gaijin
2017-04-08 12:39 - 2017-04-08 12:39 - 00000000 ____D C:\ProgramData\Gaijin
2017-03-20 22:36 - 2017-03-20 22:36 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-20 22:36 - 2017-03-20 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 22:36 - 2017-03-17 02:59 - 01882168 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01470520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-20 22:36 - 2017-03-17 02:59 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-20 22:35 - 2017-03-20 22:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-20 22:35 - 2017-03-17 02:59 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-20 22:35 - 2017-03-17 00:56 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-20 22:35 - 2017-01-26 02:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-20 22:35 - 2017-01-26 02:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-20 22:35 - 2017-01-26 02:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-20 22:35 - 2017-01-26 02:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-20 22:33 - 2017-03-17 02:59 - 40190400 _____ C:\Windows\system32\nvcompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 34952760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 28223544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 17282648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 16400616 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 14434360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 13378096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 01053240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00895456 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00492560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00425104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00158264 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00126008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00124352 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00059448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-03-20 22:33 - 2017-03-17 02:59 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-20 22:33 - 2017-03-17 02:59 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-20 22:33 - 2017-03-17 02:59 - 00000669 _____ C:\Windows\system32\nv-vk64.json
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-19 17:43 - 2014-11-21 06:54 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-19 17:43 - 2014-11-21 06:10 - 00738682 _____ C:\Windows\system32\perfh005.dat
2017-04-19 17:43 - 2014-11-21 06:10 - 00151404 _____ C:\Windows\system32\perfc005.dat
2017-04-19 17:43 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-04-19 17:42 - 2015-05-02 11:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-19 17:37 - 2015-05-08 19:24 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Spotify
2017-04-19 17:37 - 2015-05-08 19:23 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Spotify
2017-04-19 17:36 - 2015-05-02 10:50 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-19 17:36 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-19 17:31 - 2016-01-16 15:30 - 00000000 ____D C:\Users\AurumPC\AppData\Local\CrashDumps
2017-04-19 17:31 - 2015-05-07 20:28 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\DAEMON Tools Lite
2017-04-19 17:31 - 2015-05-03 19:00 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\MPC-HC
2017-04-19 17:31 - 2015-05-02 14:34 - 00000000 ____D C:\Windows\Minidump
2017-04-19 17:31 - 2015-05-02 12:00 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\TS3Client
2017-04-19 17:27 - 2015-11-11 21:19 - 00000000 ____D C:\Users\AurumPC\AppData\LocalLow\Temp
2017-04-19 17:12 - 2016-03-04 19:21 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-04-19 15:28 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-19 15:28 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-04-19 15:25 - 2015-05-02 10:49 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A020439-81B6-4D4E-ABFC-DC44CDF9CF67}
2017-04-18 21:23 - 2015-09-27 18:54 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Battle.net
2017-04-18 21:23 - 2015-09-27 18:54 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-18 21:04 - 2015-08-10 22:32 - 00000000 ____D C:\AdwCleaner
2017-04-18 21:04 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-17 20:09 - 2015-05-02 10:49 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2473894330-3763936804-1510646441-1001
2017-04-17 18:55 - 2017-03-13 17:32 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2017-04-17 13:32 - 2016-10-31 16:36 - 00002454 _____ C:\Users\AurumPC\Desktop\Hearthstone Deck Tracker.lnk
2017-04-17 13:32 - 2016-10-31 16:36 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2017-04-17 13:32 - 2016-10-31 16:36 - 00000000 ____D C:\Users\AurumPC\AppData\Local\HearthstoneDeckTracker
2017-04-17 13:32 - 2016-04-26 15:39 - 00000000 ____D C:\Users\AurumPC\AppData\Local\SquirrelTemp
2017-04-17 10:38 - 2015-05-03 20:23 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\uTorrent
2017-04-15 16:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-04-13 15:17 - 2013-08-22 16:44 - 00390176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-12 21:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 16:35 - 2015-05-02 11:36 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 16:33 - 2015-05-02 11:36 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 16:33 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-04-12 16:31 - 2016-07-28 23:26 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1e916c4dabb51
2017-04-12 16:31 - 2016-05-11 20:32 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1abb36884dd2e
2017-04-12 16:31 - 2015-05-17 11:56 - 00004424 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-12 16:31 - 2015-05-17 11:56 - 00004372 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-12 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-12 16:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-08 12:46 - 2015-07-12 12:28 - 00000000 ____D C:\Users\AurumPC\Documents\My Games
2017-04-08 12:46 - 2015-05-02 10:46 - 00000000 ____D C:\Users\AurumPC
2017-04-06 16:09 - 2015-05-02 11:26 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 16:09 - 2015-05-02 11:26 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-06 15:58 - 2016-11-08 16:18 - 00002210 _____ C:\Users\AurumPC\Desktop\Innkeeper.lnk
2017-04-06 15:58 - 2016-11-08 16:18 - 00000000 ____D C:\Users\AurumPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Innkeeper
2017-04-06 15:58 - 2016-11-08 16:18 - 00000000 ____D C:\Users\AurumPC\AppData\Local\Innkeeper
2017-04-04 19:20 - 2015-09-27 18:56 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-04-01 03:12 - 2016-07-13 17:53 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-01 03:12 - 2016-07-13 17:53 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-24 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-03-24 16:22 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-21 18:40 - 2015-05-02 11:09 - 00000000 ____D C:\Users\AurumPC\AppData\Local\NVIDIA Corporation
2017-03-20 22:36 - 2016-03-29 11:36 - 00000000 ____D C:\Temp
2017-03-20 22:36 - 2015-05-02 10:59 - 00000000 ____D C:\Users\AurumPC\AppData\Local\NVIDIA
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-20 22:36 - 2015-05-02 10:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== Files in the root of some directories =======
2016-04-24 19:14 - 2016-04-25 20:52 - 0005571 _____ () C:\Users\AurumPC\AppData\Local\games.txt
2016-03-07 01:07 - 2016-03-07 01:07 - 0007607 _____ () C:\Users\AurumPC\AppData\Local\Resmon.ResmonCfg
2016-04-24 19:14 - 2016-04-25 20:18 - 0000039 _____ () C:\Users\AurumPC\AppData\Local\test.txt
2016-04-24 19:14 - 2016-04-25 20:18 - 0000008 _____ () C:\Users\AurumPC\AppData\Local\version.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-17 20:09
==================== End of FRST.txt ============================
- Attachments
- Addition.rar
- (15.7 KiB) Downloaded 76 times
Re: Chrome starts automatically with a Russian page

- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (file type: Text document)
- run FRST again and click Fix
- after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply
Code:
Start
CloseProcesses:
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Chrome starts automatically with a Russian page
It's fine now, it stopped doing it. If that is everything, thank you very much.
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-04-2017
Ran by AurumPC (20-04-2017 15:25:09) Run:3
Running from C:\Users\AurumPC\Desktop
Loaded Profiles: AurumPC (Available Profiles: AurumPC)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\...\Run: [AurumPC] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
End
*****************
Processes closed successfully.
HKU\S-1-5-21-2473894330-3763936804-1510646441-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AurumPC => value removed successfully
The system needed a reboot.
==== End of Fixlog 15:25:09 ====
Re: Chrome starts automatically with a Russian page
- Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Check only the option "Remove disinfection tools"
- click Run

Take care, and maybe see you again sometime

If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.