Preventivní kontrola logu

[burrry]

Dobrý den, poprosím o kontrolu logu, děkuji.

Logfile of random's system information tool 1.13 (written by random/random)
Run by Gabriela at 2016-10-22 07:03:31
Microsoft Windows 10 Pro
System drive C: has 30 GB (27%) free of 114 GB
Total RAM: 8130 MB (78% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:03:32, on 22. 10. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0596)
Boot mode: Normal

Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe
C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Gabriela_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Launch SilverCrest STMS 2219 A1-K] C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe
O4 - HKLM\..\Run: [Launch SilverCrest STMS 2219 A1-M] C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "D:\Hry\Steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Gabriela\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Gabriela\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriela\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Gabriela\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriela\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Odeslat do OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KMS Server Service (KMSServerService) - Unknown owner - C:\WINDOWS\System32\KMSServer.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Program Files\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - D:\Program Files\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12006 bytes

======Listing Processes======







winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dcbc49cf-a6a0-48fe-bc52-b3087cad4a05 -SystemEventPortName:HostProcess-f88b0ed4-9cae-4360-b854-dfc9f3e610c6 -IoCancelEventPortName:HostProcess-c32d4627-ff57-4420-bfd6-0201c92e17fa -NonStateChangingEventPortName:HostProcess-46335dce-836b-4d56-b1fc-e5dea8968a16 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:aeb0d155-ec42-4a23-a220-3f847265d81d -DeviceGroupId:WudfDefaultDevicePool
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"D:\Program Files\Origin\OriginWebHelperService.exe"
"C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
dashost.exe {c6849773-ab36-4d9d-a07744274fea3423}
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\Explorer.EXE
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe" silentrun
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE" /tsr
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe"
"C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe"
"C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\WINDOWS\System32\KMSServer.exe
"fontdrvhost.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="2064.0.1554248455\215264713" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 2064 "\\.\pipe\gecko-crash-server-pipe.2064" tab

"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-483752506-2189368557-1702194831-10024_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-483752506-2189368557-1702194831-10024 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 624 628 636 8192 632
taskeng.exe {FAB5BB53-7253-4DE5-AD79-A2D4BBE6312F}

C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Gabriela\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\update-S-1-5-21-483752506-2189368557-1702194831-1002.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\WINDOWS\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AutoPico Daily Restart - "C:\Program Files\KMSpico\AutoPico.exe" /silent
C:\WINDOWS\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\klcp_update - "C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task - C:\Users\Gabriela\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\SafeZone scheduled Autoupdate 1469512324 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\update-S-1-5-21-483752506-2189368557-1702194831-1002 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\WINDOWS\system32\tasks\update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{2CC82238-225C-41B3-AAD9-CAEF36A251D5} - C:\Windows\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{489FD5F0-DBD9-4F7E-93A3-7A0E9C702FB3} - C:\Windows\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{023EA7C3-A676-4454-A0FC-B837C0EB601C} - C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 6\kitserver\zaloha - Kitserver 6.4.0\setup.exe" -d "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 6\kitserver\zaloha - Kitserver 6.4.0"
C:\WINDOWS\system32\tasks\{47CA020E-86D9-42F2-BE93-BBCC39575E85} - C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
C:\WINDOWS\system32\tasks\{799158DD-0EBC-4A82-83B9-5A0186C3CD58} - C:\WINDOWS\system32\pcalua.exe -a E:\Directx\dxsetup.exe -d E:\
C:\WINDOWS\system32\tasks\{B4CCB836-C86C-4709-8619-782700517F88} - C:\WINDOWS\system32\pcalua.exe -a "D:\Program Files (x86)\Activision\Rome - Total War\RomeTW.exe" -d "D:\Program Files (x86)\Activision\Rome - Total War"
C:\WINDOWS\system32\tasks\{B5C1B280-BE79-4CBB-A462-B11CFC206CAD} - C:\Windows\system32\pcalua.exe -a C:\Users\Gabriela\Downloads\Liberation_1.0.exe -d C:\Users\Gabriela\Downloads
C:\WINDOWS\system32\tasks\{F90A0E38-92FD-45C8-89D6-A39BD611D7C8} - C:\Windows\system32\pcalua.exe -a E:\IL2\il2setup.exe -d E:\IL2
C:\WINDOWS\system32\tasks\WPD\SqmUpload_S-1-5-21-483752506-2189368557-1702194831-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\WINDOWS\system32\tasks\WPD\SqmUpload_S-1-5-21-483752506-2189368557-1702194831-1002 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\WINDOWS\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\WINDOWS\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - C:\Windows\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\SpaceMan.exe /Repair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\Windows\system32\MRT.exe /EHB /Q
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\StorageSense - %windir%\system32\rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload

=========Mozilla firefox=========

ProfilePath - C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\4ejp6yqg.default-1465841778149

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.185 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.111.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.185 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


C:\Program Files (x86)\Mozilla Firefox\components\
flashplayer.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np32dsw.dll
npMeetingJoinPluginOC.dll
nppdf32.dll
ShockwavePlugin.class

C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\4ejp6yqg.default-1465841778149\addons.json

C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\4ejp6yqg.default-1465841778149\extensions.json
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\4ejp6yqg.default-1465841778149\pluginreg.dat
Plugin - Adobe Acrobat - 15.20.20039.7108 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - NVIDIA 3D VISION - 7.17.13.7290 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - NVIDIA 3D Vision - 7.17.13.7290 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - Microsoft Office 2013 - 15.0.4514.1000 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.50901.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll
Plugin - Shockwave for Director - 8.5.1.102 - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
Plugin - Microsoft Office 2013 - 15.0.4849.1000 - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
Plugin - Adobe Acrobat - 15.20.20039.7108 - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
Plugin - Java(TM) Platform SE 8 U111 - 11.111.2.14 - C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.1110.14 - 11.111.2.14 - C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
Plugin - Intel® Identity Protection Technology - 4.0.5.0 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
Plugin - Intel® Identity Protection Technology - 4.0.5.0 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
Plugin - Shockwave Flash - 23.0.0.185 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27 229064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2016-08-16 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27 163528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2016-08-16 1743664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-14 2397120]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-09-30 825184]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2016-06-07 8838400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Hry\Steam.exe [2016-09-20 2858272]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-08-05 8894680]
"OneDrive"=C:\Users\Gabriela\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-23 633024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Gabriela\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\Gabriela\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-10-13 9083840]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2012-10-09 1637528]
"Launch SilverCrest STMS 2219 A1-K"=C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe [2013-07-16 3403256]
"Launch SilverCrest STMS 2219 A1-M"=C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe [2013-07-16 2841592]
"Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2016-07-11 225944]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]

C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odeslat do OneNote.lnk - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-10-22 06:45:43 ----A---- C:\WINDOWS\system32\KMSServer.exe
2016-10-21 10:34:09 ----D---- C:\WINDOWS\LastGood
2016-10-21 10:30:25 ----A---- C:\WINDOWS\SYSWOW64\nvStreaming.exe
2016-10-21 10:29:36 ----D---- C:\WINDOWS\LastGood.Tmp
2016-10-21 03:15:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-10-12 14:40:57 ----D---- C:\Program Files (x86)\Origin Games
2016-10-12 10:13:06 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2016-10-12 10:13:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-10-12 10:13:06 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-10-12 10:13:06 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-10-12 10:13:04 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-10-12 10:13:04 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-10-12 10:13:04 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-12 10:13:04 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-10-12 10:13:04 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-10-12 10:13:03 ----A---- C:\WINDOWS\system32\wmp.dll
2016-10-12 10:13:03 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-12 10:13:02 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2016-10-12 10:13:02 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-10-12 10:13:01 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-10-12 10:13:01 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-10-12 10:13:01 ----A---- C:\WINDOWS\system32\twinui.dll
2016-10-12 10:13:01 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-10-12 10:13:01 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-10-12 10:13:01 ----A---- C:\WINDOWS\system32\diagtrack.dll
2016-10-12 10:13:01 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\system32\generaltel.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\system32\FntCache.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\system32\DWrite.dll
2016-10-12 10:13:00 ----A---- C:\WINDOWS\system32\devinv.dll
2016-10-12 10:12:59 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-10-12 10:12:59 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-10-12 10:12:59 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\wininet.dll
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\MusNotification.exe
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\invagent.dll
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2016-10-12 10:12:59 ----A---- C:\WINDOWS\system32\aepic.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\SYSWOW64\MSVidCtl.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\SYSWOW64\LockAppHost.exe
2016-10-12 10:12:58 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2016-10-12 10:12:58 ----A---- C:\WINDOWS\SYSWOW64\DWrite.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\SYSWOW64\AboveLockAppHost.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\wpx.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\winload.exe
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\wer.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\shell32.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\LockAppHost.exe
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\drivers\dfsc.sys
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\diagtrack_win.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\ApplicationFrame.dll
2016-10-12 10:12:58 ----A---- C:\WINDOWS\system32\AboveLockAppHost.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\SYSWOW64\wmpeffects.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Enumeration.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\SYSWOW64\drvstore.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\SYSWOW64\DafPrintProvider.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\SYSWOW64\adsmsext.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\wsqmcons.exe
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\wmpeffects.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\winresume.exe
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\win32spl.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\WebClnt.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\puiobj.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\drvstore.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\davclnt.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\das.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\DafPrintProvider.dll
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\bcdedit.exe
2016-10-12 10:12:57 ----A---- C:\WINDOWS\system32\adsmsext.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\wmpshell.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\wmpdxm.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\WebClnt.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\puiapi.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\DevDispItemProvider.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\SYSWOW64\davclnt.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\wmpshell.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\puiapi.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\pnpclean.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\offreg.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\dwmcore.dll
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2016-10-12 10:12:56 ----A---- C:\WINDOWS\system32\DevDispItemProvider.dll
2016-10-09 15:51:09 ----A---- C:\WINDOWS\SYSWOW64\vp6vfw.dll
2016-10-09 15:51:09 ----A---- C:\WINDOWS\SYSWOW64\SHW32.DLL
2016-10-09 15:51:09 ----A---- C:\WINDOWS\SYSWOW64\msvcr71.dll
2016-10-09 15:51:09 ----A---- C:\WINDOWS\SYSWOW64\msvcp71.dll
2016-10-09 15:51:09 ----A---- C:\WINDOWS\SYSWOW64\mfc71.dll
2016-10-02 15:18:34 ----D---- C:\Users\Gabriela\AppData\Roaming\Sun
2016-10-02 15:18:32 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2016-10-02 15:18:24 ----D---- C:\ProgramData\Oracle
2016-10-02 15:18:21 ----D---- C:\Program Files (x86)\Java
2016-09-23 23:18:36 ----A---- C:\WINDOWS\system32\nvoglv64.dll
2016-09-23 23:18:26 ----A---- C:\WINDOWS\SYSWOW64\nvoglv32.dll
2016-09-23 23:17:48 ----A---- C:\WINDOWS\SYSWOW64\NvIFROpenGL.dll
2016-09-23 23:17:14 ----A---- C:\WINDOWS\system32\nvhdap64.dll
2016-09-23 23:17:12 ----A---- C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-09-23 23:17:00 ----A---- C:\WINDOWS\system32\NvFBC64.dll
2016-09-23 23:16:58 ----A---- C:\WINDOWS\SYSWOW64\NvFBC.dll
2016-09-23 23:16:52 ----A---- C:\WINDOWS\system32\nvdispco6437290.dll
2016-09-23 23:16:46 ----A---- C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-09-23 23:16:44 ----A---- C:\WINDOWS\SYSWOW64\nvDecMFTMjpeg.dll
2016-09-23 23:16:40 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2016-09-23 23:15:16 ----A---- C:\WINDOWS\SYSWOW64\nvcompiler.dll
2016-09-23 22:51:40 ----A---- C:\WINDOWS\SYSWOW64\NvIFR.dll
2016-09-23 22:51:40 ----A---- C:\WINDOWS\system32\NvIFROpenGL.dll
2016-09-23 22:51:40 ----A---- C:\WINDOWS\system32\NvIFR64.dll
2016-09-23 22:51:38 ----A---- C:\WINDOWS\system32\nvdispgenco6437290.dll
2016-09-23 22:51:38 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2016-09-23 22:51:38 ----A---- C:\WINDOWS\system32\drivers\nvhda64v.sys
2016-09-23 22:51:36 ----A---- C:\WINDOWS\SYSWOW64\nvcuvid.dll
2016-09-23 22:43:58 ----A---- C:\WINDOWS\SYSWOW64\nvwgf2um.dll
2016-09-23 22:43:50 ----A---- C:\WINDOWS\SYSWOW64\nvumdshim.dll
2016-09-23 22:43:28 ----A---- C:\WINDOWS\SYSWOW64\nvopencl.dll
2016-09-23 22:43:24 ----A---- C:\WINDOWS\SYSWOW64\nvoglshim32.dll
2016-09-23 22:43:24 ----A---- C:\WINDOWS\system32\nvoglshim64.dll
2016-09-23 22:43:20 ----A---- C:\WINDOWS\SYSWOW64\nvinit.dll
2016-09-23 22:43:20 ----A---- C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-09-23 22:43:18 ----A---- C:\WINDOWS\SYSWOW64\nvfatbinaryLoader.dll
2016-09-23 22:43:16 ----A---- C:\WINDOWS\SYSWOW64\nvEncodeAPI.dll
2016-09-23 22:43:16 ----A---- C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-09-23 22:43:10 ----A---- C:\WINDOWS\SYSWOW64\nvEncMFTH264.dll
2016-09-23 22:43:10 ----A---- C:\WINDOWS\system32\nvEncMFTH264.dll
2016-09-23 22:42:26 ----A---- C:\WINDOWS\SYSWOW64\nvapi.dll
2016-09-23 22:36:02 ----A---- C:\WINDOWS\SYSWOW64\nvptxJitCompiler.dll
2016-09-23 22:36:02 ----A---- C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-09-23 22:36:02 ----A---- C:\WINDOWS\system32\nvopencl.dll
2016-09-23 22:36:02 ----A---- C:\WINDOWS\system32\nvd3dumx.dll
2016-09-23 22:36:00 ----A---- C:\WINDOWS\SYSWOW64\nvcuda.dll
2016-09-23 22:36:00 ----A---- C:\WINDOWS\system32\nvinitx.dll
2016-09-23 22:36:00 ----A---- C:\WINDOWS\system32\nvcuda.dll

======List of files/folders modified in the last 1 month======

2016-10-22 07:03:32 ----D---- C:\Program Files\trend micro
2016-10-22 06:55:31 ----D---- C:\WINDOWS\Temp
2016-10-22 06:51:44 ----D---- C:\WINDOWS\Minidump
2016-10-22 06:51:44 ----D---- C:\WINDOWS\INF
2016-10-22 06:51:44 ----D---- C:\WINDOWS\debug
2016-10-22 06:51:44 ----D---- C:\Windows
2016-10-22 06:49:52 ----D---- C:\WINDOWS\System32
2016-10-22 06:49:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-22 06:46:21 ----D---- C:\WINDOWS\Prefetch
2016-10-22 06:45:30 ----D---- C:\ProgramData\NVIDIA
2016-10-22 02:05:25 ----D---- C:\WINDOWS\system32\sru
2016-10-21 18:36:12 ----D---- C:\WINDOWS\system32\config
2016-10-21 17:29:00 ----D---- C:\WINDOWS\system32\logs
2016-10-21 16:55:02 ----D---- C:\WINDOWS\Microsoft.NET
2016-10-21 16:49:43 ----D---- C:\WINDOWS\AppReadiness
2016-10-21 12:52:12 ----HD---- C:\Program Files\WindowsApps
2016-10-21 11:03:59 ----D---- C:\WINDOWS\system32\drivers
2016-10-21 10:33:34 ----D---- C:\WINDOWS\SysWOW64
2016-10-21 10:33:34 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-21 10:30:24 ----D---- C:\Program Files (x86)\VulkanRT
2016-10-21 10:29:51 ----D---- C:\ProgramData\NVIDIA Corporation
2016-10-21 10:29:34 ----D---- C:\WINDOWS\system32\DriverStore
2016-10-21 10:23:09 ----SHDC---- C:\WINDOWS\Installer
2016-10-21 10:23:09 ----SHD---- C:\Config.Msi
2016-10-21 10:23:09 ----RSD---- C:\WINDOWS\Fonts
2016-10-21 10:23:09 ----D---- C:\ProgramData\Microsoft Help
2016-10-21 10:20:46 ----SHD---- C:\System Volume Information
2016-10-21 09:40:46 ----RD---- C:\Program Files (x86)
2016-10-21 03:16:46 ----HD---- C:\ProgramData
2016-10-20 17:56:08 ----D---- C:\WINDOWS\SoftwareDistribution
2016-10-20 17:55:09 ----D---- C:\WINDOWS\system32\LogFiles
2016-10-20 15:21:20 ----D---- C:\Program Files (x86)\Common Files
2016-10-17 23:43:55 ----D---- C:\ProgramData\Origin
2016-10-17 23:39:55 ----D---- C:\Users\Gabriela\AppData\Roaming\Origin
2016-10-16 12:43:50 ----D---- C:\WINDOWS\WinSxS
2016-10-16 12:41:13 ----D---- C:\WINDOWS\rescache
2016-10-16 11:17:11 ----D---- C:\WINDOWS\system32\catroot2
2016-10-16 00:47:33 ----RSD---- C:\WINDOWS\assembly
2016-10-16 00:46:20 ----D---- C:\WINDOWS\system32\appraiser
2016-10-16 00:46:20 ----D---- C:\WINDOWS\CbsTemp
2016-10-14 13:56:01 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-10-14 13:56:01 ----AD---- C:\Program Files\Microsoft Silverlight
2016-10-14 13:52:04 ----SD---- C:\WINDOWS\system32\DiagSvcs
2016-10-14 13:52:04 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-10-14 13:52:04 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-10-14 13:52:04 ----D---- C:\WINDOWS\system32\migration
2016-10-14 13:52:04 ----D---- C:\WINDOWS\system32\en-US
2016-10-14 13:52:04 ----D---- C:\WINDOWS\system32\cs-CZ
2016-10-14 13:52:04 ----D---- C:\WINDOWS\system32\Boot
2016-10-14 13:52:03 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-10-14 13:52:03 ----D---- C:\WINDOWS\AppPatch
2016-10-14 13:52:03 ----D---- C:\Program Files\Windows Media Player
2016-10-14 13:52:03 ----D---- C:\Program Files\Internet Explorer
2016-10-14 13:52:03 ----D---- C:\Program Files (x86)\Windows Media Player
2016-10-14 13:52:03 ----D---- C:\Program Files (x86)\Internet Explorer
2016-10-13 23:04:45 ----D---- C:\WINDOWS\system32\Tasks
2016-10-12 12:26:04 ----A---- C:\WINDOWS\win.ini
2016-10-12 12:24:06 ----D---- C:\WINDOWS\system32\MRT
2016-10-12 12:22:21 ----AC---- C:\WINDOWS\system32\MRT.exe
2016-10-11 20:03:05 ----D---- C:\WINDOWS\system32\Macromed
2016-10-11 20:03:04 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-10-09 15:51:09 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-10-07 13:34:30 ----D---- C:\WINDOWS\system32\NDF
2016-10-01 02:23:20 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-09-23 22:44:18 ----A---- C:\WINDOWS\system32\nvwgf2umx.dll
2016-09-23 22:43:52 ----A---- C:\WINDOWS\system32\nvumdshimx.dll
2016-09-23 22:42:28 ----A---- C:\WINDOWS\system32\nvapi64.dll
2016-09-23 22:36:00 ----A---- C:\WINDOWS\SYSWOW64\nvd3dum.dll

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2016-09-09 74544]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2016-10-13 293352]
R1 AsIO;AsIO; SysWow64\drivers\AsIO.sys []
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2016-09-09 103064]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-09-22 513632]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2016-09-09 108816]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2016-09-09 163416]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2014-12-26 310728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2014-12-26 42696]
R3 InputFilter_Hid_FlexDef2b;@oem38.inf,%HIDUASServiceDesc%;Siliten HID Devices(FlexDef2b) Driver Service; C:\WINDOWS\System32\drivers\InputFilter_FlexDef2b.sys [2010-06-19 17920]
R3 MouFilter_Mou_FlexDef4;@oem44.inf,%HIDUASServiceDesc%;HID Mouse(FlexDef4) Driver Service; C:\WINDOWS\System32\drivers\MouFilter_FlexDef4.sys [2010-10-20 15360]
R3 NVHDA;@oem14.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-09-23 232008]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2016-09-23 14242880]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-14 26560]
R3 nvvad_WaveExtensible;@oem47.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-04-14 56384]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-30 589824]
R3 tap0901;@oem41.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\WINDOWS\System32\drivers\tap0901.sys [2013-08-22 40664]
S2 SecDrv;SecDrv; \??\C:\WINDOWS\system32\drivers\SECDRV.SYS []
S3 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2016-09-09 37656]
S3 HyperVideo;HyperVideo; C:\WINDOWS\system32\DRIVERS\HyperVideo.sys [2015-10-30 26112]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2015-10-30 108032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2013-07-04 936728]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-09-09 197128]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-14 2521024]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-09-17 1364024]
R2 OneSyncSvc_4faf3;Hostitel synchronizace_4faf3; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 Origin Web Helper Service;Origin Web Helper Service; D:\Program Files\Origin\OriginWebHelperService.exe [2016-10-12 2209296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-09-17 426040]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
R3 KMSServerService;KMS Server Service; C:\WINDOWS\System32\KMSServer.exe [2016-10-22 38454]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-14 3632576]
R3 PimIndexMaintenanceSvc_4faf3;Data kontaktů_4faf3; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_20057a18;Hostitel synchronizace_20057a18; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_249f07e9;Hostitel synchronizace_249f07e9; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_42c35;Hostitel synchronizace_42c35; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_471e509;Hostitel synchronizace_471e509; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_48433;Hostitel synchronizace_48433; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_4d8d5;Hostitel synchronizace_4d8d5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_581dc;Hostitel synchronizace_581dc; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_5a760;Hostitel synchronizace_5a760; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_9ae1bb2;Hostitel synchronizace_9ae1bb2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2013-11-20 691480]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MessagingService_20057a18;Služba zasílání zpráv_20057a18; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_249f07e9;Služba zasílání zpráv_249f07e9; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_42c35;Služba zasílání zpráv_42c35; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_471e509;Služba zasílání zpráv_471e509; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_48433;Služba zasílání zpráv_48433; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_4d8d5;Služba zasílání zpráv_4d8d5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_4faf3;Služba zasílání zpráv_4faf3; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_581dc;Služba zasílání zpráv_581dc; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_9ae1bb2;Služba zasílání zpráv_9ae1bb2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-21 172488]
S3 Origin Client Service;Origin Client Service; D:\Program Files\Origin\OriginClientService.exe [2016-10-12 2142728]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]
S3 PimIndexMaintenanceSvc_20057a18;Data kontaktů_20057a18; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_249f07e9;Data kontaktů_249f07e9; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_42c35;Data kontaktů_42c35; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_471e509;Data kontaktů_471e509; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_48433;Data kontaktů_48433; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_4d8d5;Data kontaktů_4d8d5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_581dc;Data kontaktů_581dc; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_9ae1bb2;Data kontaktů_9ae1bb2; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-09-20 1466144]

-----------------EOF-----------------

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[burrry]

Dobrý večer, musel jsem do práce, tak log dávám až teď.

# AdwCleaner v6.030 - Log soubor vytvořen 23/10/2016 na 22:25:22
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-10-23.2 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Gabriela - WOLF
# Beží od : C:\Users\Gabriela\Desktop\adwcleaner_6.030.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Adresáře ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL soubory.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupce ] *****

Žádné infikovaný zástupce nenalezen.


***** [ Plánovač úloh ] *****

Žádný nebezpečná úloha nenalezena.


***** [ Registry ] *****

Nebyly nalezeny žádné škodlivé položky registru.


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox báze.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium báze.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1237 Bajtů] - [23/10/2016 22:25:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1311 Bajtů] ##########

[Rudy]

Toto je OK. Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=30&t=133101 .

[burrry]

Dobrý večer


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Gabriela (administrator) on WOLF (25-10-2016 19:35:18)
Running from C:\Users\Gabriela\Desktop
Loaded Profiles: Gabriela (Available Profiles: Gabriela)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Electronic Arts) D:\Program Files\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\KMSpico\AutoPico.exe
() C:\Windows\System32\KMSServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Siliten) C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe
(Siliten) C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.25071.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.16.15.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.12.8312.0_x64__8wekyb3d8bbwe\Solitaire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Gabriela\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-13] (AVAST Software)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (CANON INC.)
HKLM-x32\...\Run: [Launch SilverCrest STMS 2219 A1-K] => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe [3403256 2013-07-16] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest STMS 2219 A1-M] => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe [2841592 2013-07-16] (Siliten)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-483752506-2189368557-1702194831-1002\...\Run: [Steam] => D:\Hry\Steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-483752506-2189368557-1702194831-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-483752506-2189368557-1702194831-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software)
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2016-05-07]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{36b27c85-0428-4799-a435-6e009522258c}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\4ejp6yqg.default-1465841778149 [2016-10-25]
FF Homepage: Mozilla\Firefox\Profiles\4ejp6yqg.default-1465841778149 -> hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2003-02-11] (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R3 KMSServerService; C:\WINDOWS\System32\KMSServer.exe [38454 2016-10-24] () [File not signed]
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files\Origin\OriginClientService.exe [2142728 2016-10-12] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files\Origin\OriginWebHelperService.exe [2209296 2016-10-12] (Electronic Arts)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [691480 2013-11-20] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [310728 2014-12-26] ()
R3 InputFilter_Hid_FlexDef2b; C:\WINDOWS\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [42696 2014-12-26] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 MouFilter_Mou_FlexDef4; C:\WINDOWS\System32\drivers\MouFilter_FlexDef4.sys [15360 2010-10-20] (Siliten)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11973 2016-08-23] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 VmtkmHid_0; C:\WINDOWS\System32\drivers\VmtkmHid_0.sys [11264 2012-07-23] (0)
R3 VmtkmHid_MouFiltr_0; C:\WINDOWS\System32\drivers\VmtkmMouFiltr_0.sys [7168 2012-07-23] (0)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-25 19:35 - 2016-10-25 19:35 - 00015696 _____ C:\Users\Gabriela\Desktop\FRST.txt
2016-10-25 19:34 - 2016-10-25 19:35 - 00000000 ____D C:\FRST
2016-10-25 19:33 - 2016-10-25 19:33 - 00112640 _____ (forum.viry.cz) C:\Users\Gabriela\Desktop\FRSTLauncher.exe
2016-10-25 19:29 - 2016-10-25 19:29 - 02407424 _____ (Farbar) C:\Users\Gabriela\Desktop\FRST64.exe
2016-10-24 17:29 - 2016-10-24 17:29 - 00038454 _____ C:\WINDOWS\system32\KMSServer.exe
2016-10-23 22:23 - 2016-10-23 22:23 - 03910208 _____ C:\Users\Gabriela\Desktop\adwcleaner_6.030.exe
2016-10-23 22:22 - 2016-10-23 22:28 - 00000000 ____D C:\AdwCleaner
2016-10-22 06:50 - 2016-10-22 06:50 - 01328128 _____ C:\Users\Gabriela\Downloads\RSITx64.exe
2016-10-21 10:34 - 2016-10-21 10:34 - 00000000 ____D C:\WINDOWS\LastGood
2016-10-21 10:34 - 2016-10-21 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-21 10:30 - 2016-09-17 00:36 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-10-21 10:29 - 2016-10-21 10:29 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-10-21 03:15 - 2016-10-21 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 08:20 - 2016-10-20 08:20 - 00000000 ____D C:\Users\Gabriela\AppData\LocalLow\Temp
2016-10-20 07:22 - 2016-10-20 07:22 - 00000820 _____ C:\Users\Gabriela\Desktop\Cechovní expedice – zástupce.lnk
2016-10-19 18:42 - 2016-10-19 18:42 - 00000000 ____D C:\Users\Gabriela\Documents\Gabriela
2016-10-12 14:40 - 2016-10-12 14:40 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-10-12 14:33 - 2016-10-12 14:33 - 00000000 ____D C:\Users\Gabriela\.QtWebEngineProcess
2016-10-12 14:33 - 2016-10-12 14:33 - 00000000 ____D C:\Users\Gabriela\.Origin
2016-10-12 10:13 - 2016-10-05 09:56 - 01644736 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-12 10:13 - 2016-10-05 09:56 - 01242304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-12 10:13 - 2016-10-05 09:56 - 00602304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-12 10:13 - 2016-10-05 09:56 - 00591040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-12 10:13 - 2016-10-05 09:56 - 00144576 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-12 10:13 - 2016-10-05 09:56 - 00085696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-12 10:13 - 2016-10-05 09:01 - 01637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-12 10:13 - 2016-10-05 08:54 - 01297760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-10-12 10:13 - 2016-10-05 06:10 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 10:13 - 2016-10-05 06:10 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 10:13 - 2016-10-05 06:00 - 01661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-12 10:13 - 2016-10-05 05:55 - 03549696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 10:13 - 2016-10-05 05:48 - 02437120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-12 10:13 - 2016-10-05 05:10 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 10:13 - 2016-10-05 05:09 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 10:13 - 2016-10-05 04:55 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 10:13 - 2016-10-05 04:50 - 22379520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-12 10:13 - 2016-10-05 04:50 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-12 10:13 - 2016-10-05 04:39 - 24611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-12 10:13 - 2016-10-05 04:39 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-12 10:13 - 2016-10-05 04:33 - 14255104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-12 10:13 - 2016-10-05 04:27 - 09920512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-12 10:13 - 2016-10-05 04:26 - 07836672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-12 10:13 - 2016-10-05 04:13 - 19349504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-12 10:13 - 2016-10-05 04:13 - 18675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-12 10:13 - 2016-10-05 04:06 - 12587008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-12 10:13 - 2016-10-05 04:01 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-12 10:13 - 2016-09-17 09:45 - 02610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-10-12 10:13 - 2016-09-17 08:45 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-12 10:13 - 2016-09-17 08:22 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-12 10:12 - 2016-10-05 09:56 - 00329920 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-12 10:12 - 2016-10-05 09:56 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-12 10:12 - 2016-10-05 09:20 - 01030408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-12 10:12 - 2016-10-05 09:20 - 00875480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-12 10:12 - 2016-10-05 09:19 - 00129376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 10:12 - 2016-10-05 09:18 - 07468384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-12 10:12 - 2016-10-05 09:18 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-12 10:12 - 2016-10-05 09:18 - 01142560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-12 10:12 - 2016-10-05 09:01 - 01337184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-12 10:12 - 2016-10-05 08:17 - 03693064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-12 10:12 - 2016-10-05 08:15 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-10-12 10:12 - 2016-10-05 08:14 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-12 10:12 - 2016-10-05 08:09 - 00604920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-12 10:12 - 2016-10-05 07:45 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-10-12 10:12 - 2016-10-05 07:39 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-12 10:12 - 2016-10-05 07:39 - 00576856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-12 10:12 - 2016-10-05 07:38 - 00636296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-12 10:12 - 2016-10-05 07:38 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-12 10:12 - 2016-10-05 07:37 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-10-12 10:12 - 2016-10-05 07:31 - 00422240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-10-12 10:12 - 2016-10-05 07:25 - 00871776 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-12 10:12 - 2016-10-05 07:23 - 00305808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-12 10:12 - 2016-10-05 07:08 - 02937896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-12 10:12 - 2016-10-05 07:05 - 00256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-10-12 10:12 - 2016-10-05 07:01 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-10-12 10:12 - 2016-10-05 07:00 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-12 10:12 - 2016-10-05 06:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-12 10:12 - 2016-10-05 06:50 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2016-10-12 10:12 - 2016-10-05 06:49 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2016-10-12 10:12 - 2016-10-05 06:49 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-10-12 10:12 - 2016-10-05 06:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2016-10-12 10:12 - 2016-10-05 06:47 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 10:12 - 2016-10-05 06:38 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-12 10:12 - 2016-10-05 06:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-12 10:12 - 2016-10-05 06:34 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-12 10:12 - 2016-10-05 06:33 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-12 10:12 - 2016-10-05 06:32 - 00538744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-10-12 10:12 - 2016-10-05 06:30 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-10-12 10:12 - 2016-10-05 06:30 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-10-12 10:12 - 2016-10-05 06:30 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 10:12 - 2016-10-05 06:29 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-10-12 10:12 - 2016-10-05 06:27 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2016-10-12 10:12 - 2016-10-05 06:23 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-10-12 10:12 - 2016-10-05 06:19 - 00717152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-12 10:12 - 2016-10-05 06:18 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-12 10:12 - 2016-10-05 06:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-10-12 10:12 - 2016-10-05 06:17 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-10-12 10:12 - 2016-10-05 06:15 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2016-10-12 10:12 - 2016-10-05 06:07 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2016-10-12 10:12 - 2016-10-05 06:05 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-12 10:12 - 2016-10-05 06:04 - 01718272 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 10:12 - 2016-10-05 06:02 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-12 10:12 - 2016-10-05 06:00 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 10:12 - 2016-10-05 06:00 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 10:12 - 2016-10-05 05:57 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-10-12 10:12 - 2016-10-05 05:40 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-12 10:12 - 2016-10-05 05:40 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-10-12 10:12 - 2016-10-05 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2016-10-12 10:12 - 2016-10-05 05:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 10:12 - 2016-10-05 05:30 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-12 10:12 - 2016-10-05 05:29 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-12 10:12 - 2016-10-05 05:29 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-12 10:12 - 2016-10-05 05:28 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-12 10:12 - 2016-10-05 05:24 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-10-12 10:12 - 2016-10-05 05:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 10:12 - 2016-10-05 05:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-10-12 10:12 - 2016-10-05 05:15 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-10-12 10:12 - 2016-10-05 05:14 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-10-12 10:12 - 2016-10-05 05:13 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2016-10-12 10:12 - 2016-10-05 05:05 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 10:12 - 2016-10-05 05:04 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-12 10:12 - 2016-10-05 05:04 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-12 10:12 - 2016-10-05 04:59 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 10:12 - 2016-10-05 04:54 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-12 10:12 - 2016-10-05 04:40 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-12 10:12 - 2016-10-05 04:39 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-12 10:12 - 2016-10-05 04:22 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 10:12 - 2016-10-05 04:13 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-12 10:12 - 2016-10-01 04:16 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-12 10:12 - 2016-09-27 04:39 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-12 10:12 - 2016-09-17 10:08 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-12 10:12 - 2016-09-17 09:28 - 03077120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-12 10:12 - 2016-09-17 09:12 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-12 10:12 - 2016-09-17 08:43 - 02552832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-12 10:12 - 2016-06-18 06:55 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-10-12 10:12 - 2016-06-18 06:51 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-10-12 10:12 - 2016-06-18 06:49 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-10-12 10:12 - 2016-06-18 06:45 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-10-10 22:45 - 2016-10-10 22:45 - 00000095 _____ C:\Users\Gabriela\Desktop\dědictví.txt
2016-10-09 15:51 - 2006-03-28 13:00 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2016-10-09 15:51 - 2006-03-28 13:00 - 00118832 _____ (MicroQuill Software Publishing, Inc.) C:\WINDOWS\SysWOW64\SHW32.DLL
2016-10-09 15:51 - 2006-03-28 12:56 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2016-10-09 15:51 - 2006-03-28 12:56 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2016-10-09 15:51 - 2004-12-10 10:06 - 00327680 _____ (On2.com Inc.) C:\WINDOWS\SysWOW64\vp6dec.ax
2016-10-09 15:51 - 2004-08-30 14:25 - 00438272 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2016-10-09 15:51 - 2003-09-10 12:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2016-10-09 15:51 - 2003-09-05 12:07 - 00168960 _____ (Xceed Software Inc. 1-450-442-2626 zip@xceedsoft.com www.xceedsoft.com) C:\WINDOWS\SysWOW64\XCDZIP35.OCX
2016-10-09 15:51 - 2000-05-22 00:00 - 00647872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCT2.OCX
2016-10-08 21:35 - 2016-10-08 21:35 - 00000022 _____ C:\Users\Gabriela\Desktop\pisnička rio.txt
2016-10-02 15:18 - 2016-10-20 15:21 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-02 15:18 - 2016-10-20 15:21 - 00000000 ____D C:\ProgramData\Oracle
2016-10-02 15:18 - 2016-10-20 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-02 15:18 - 2016-10-20 15:21 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-02 15:18 - 2016-10-02 15:18 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Sun
2016-10-02 15:18 - 2016-10-02 15:18 - 00000000 ____D C:\Users\Gabriela\AppData\LocalLow\Sun
2016-10-02 15:18 - 2016-10-02 15:18 - 00000000 ____D C:\Users\Gabriela\.oracle_jre_usage
2016-10-02 15:17 - 2016-10-02 15:17 - 00739904 _____ (Oracle Corporation) C:\Users\Gabriela\Downloads\JavaSetup8u101.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-25 19:25 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-10-25 19:03 - 2016-05-15 10:05 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-25 18:48 - 2015-06-09 00:21 - 00000404 _____ C:\WINDOWS\Tasks\update-S-1-5-21-483752506-2189368557-1702194831-1002.job
2016-10-25 17:33 - 2015-06-09 00:21 - 00000404 _____ C:\WINDOWS\Tasks\update-sys.job
2016-10-25 17:17 - 2015-03-07 09:56 - 00020172 _____ C:\Users\Gabriela\Desktop\FOE BODY.xlsx
2016-10-25 14:47 - 2014-12-20 10:46 - 00004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{489FD5F0-DBD9-4F7E-93A3-7A0E9C702FB3}
2016-10-25 12:58 - 2016-07-29 09:41 - 00000000 ____D C:\Users\Gabriela
2016-10-25 08:33 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-25 08:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-24 10:40 - 2016-01-19 14:59 - 00000000 ____D C:\ProgramData\Origin
2016-10-24 10:38 - 2016-01-19 15:01 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Origin
2016-10-23 23:11 - 2016-07-29 09:50 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-23 23:11 - 2016-04-27 08:11 - 00750030 _____ C:\WINDOWS\system32\perfh005.dat
2016-10-23 23:11 - 2016-04-27 08:11 - 00150654 _____ C:\WINDOWS\system32\perfc005.dat
2016-10-23 23:04 - 2016-07-29 09:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-23 23:04 - 2016-04-27 08:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-23 23:02 - 2015-10-30 08:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-10-22 07:03 - 2016-07-26 08:02 - 00000000 ____D C:\Program Files\trend micro
2016-10-22 06:51 - 2016-08-05 11:54 - 00000000 ____D C:\WINDOWS\Minidump
2016-10-21 16:56 - 2014-12-20 10:15 - 00000000 __SHD C:\Users\Gabriela\Documents\System Volume Information
2016-10-21 10:33 - 2016-04-26 23:46 - 00350048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-21 10:33 - 2014-12-25 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-21 10:30 - 2016-03-14 08:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-21 10:29 - 2016-07-29 09:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-21 10:23 - 2014-12-19 09:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-10-21 03:00 - 2015-06-14 12:06 - 00000000 ____D C:\Users\Gabriela\Documents\Cechovní expedice
2016-10-20 17:37 - 2016-01-24 21:35 - 00007598 _____ C:\Users\Gabriela\AppData\Local\Resmon.ResmonCfg
2016-10-19 09:46 - 2016-02-21 15:17 - 00000000 ____D C:\Users\Gabriela\Documents\ROTUNDA
2016-10-16 12:41 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-10-16 00:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-16 00:46 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-14 14:34 - 2016-04-27 09:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-14 13:56 - 2016-01-23 12:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-14 13:56 - 2016-01-23 12:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-14 13:52 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-14 13:52 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-13 23:04 - 2015-11-27 03:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-13 23:04 - 2014-12-25 18:55 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-10-13 19:30 - 2014-12-20 05:06 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-10-12 22:51 - 2014-12-25 19:44 - 00000000 ____D C:\Users\Gabriela\Documents\Hry
2016-10-12 12:26 - 2013-08-22 15:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-10-12 12:24 - 2014-12-25 18:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-12 12:22 - 2014-12-25 18:42 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-12 12:21 - 2016-01-23 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-11 20:03 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-11 20:03 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-09 17:52 - 2014-12-25 16:35 - 00000000 ____D C:\Users\Gabriela\AppData\Local\Adobe
2016-10-09 15:51 - 2014-12-19 09:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-08 16:36 - 2015-02-08 20:00 - 00000134 _____ C:\Users\Gabriela\Desktop\hry.txt
2016-10-07 13:34 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-01 02:23 - 2015-10-30 09:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-01 02:23 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-26 19:34 - 2014-12-20 10:40 - 00000000 ____D C:\Users\Gabriela\AppData\Local\Packages

==================== Files in the root of some directories =======

2016-01-04 18:15 - 2016-01-04 18:15 - 0004608 _____ () C:\Users\Gabriela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-24 21:35 - 2016-10-20 17:37 - 0007598 _____ () C:\Users\Gabriela\AppData\Local\Resmon.ResmonCfg
2015-06-09 00:21 - 2015-06-09 00:21 - 0000003 _____ () C:\Users\Gabriela\AppData\Local\updater.log
2015-06-09 00:21 - 2016-08-06 18:28 - 0000424 _____ () C:\Users\Gabriela\AppData\Local\UserProducts.xml
2016-07-29 10:04 - 2016-07-29 10:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-25 16:52

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:111.35 GB) (Free:33.54 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:931.17 GB) (Free:840.34 GB) NTFS

Available physical RAM: 5888.82 MB
Total physical RAM: 8130.13 MB
Percentage of memory in use: 27%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C05C2587)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C05C25FF)
Partition 1: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-483752506-2189368557-1702194831-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Gabriela\Desktop" je 342 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
C:\Program Files\KMSpico\AutoPico.exe
C:\Windows\System32\KMSServer.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [691480 2013-11-20] () [File not signed]
C:\WINDOWS\LastGood.Tmp
C:\Users\Gabriela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\DP45977C.lfl
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[burrry]

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Gabriela (26-10-2016 10:12:16) Run:1
Running from C:\Users\Gabriela\Desktop
Loaded Profiles: Gabriela (Available Profiles: Gabriela)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Program Files\KMSpico\AutoPico.exe
C:\Windows\System32\KMSServer.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [691480 2013-11-20] () [File not signed]
C:\WINDOWS\LastGood.Tmp
C:\Users\Gabriela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\DP45977C.lfl
End
*****************

C:\Program Files\KMSpico\AutoPico.exe => moved successfully
C:\Windows\System32\KMSServer.exe => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
Service KMSELDI => service removed successfully
C:\WINDOWS\LastGood.Tmp => moved successfully
C:\Users\Gabriela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

==== End of Fixlog 10:12:17 ====

[Rudy]

Smazáno. Log je již OK.

[burrry]

Děkuji moc.

[Rudy]

Rádo se stalo!