"preventivni" kontrola logu, sekani zvuku, videa , reklamy

[Peky]

dobre rano, prosim o kontrolu logu (sekani videi, vyskakovani reklam)

Logfile of random's system information tool 1.14 (written by random/random)
Run by jj at 2016-12-04 06:24:53
Microsoft Windows 10 Pro
System drive C: has 171 GB (72%) free of 238 GB
Total RAM: 3071 MB (46% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:25:05, on 4.12.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0672)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\jj\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe
C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Games\WargamingGameUpdater.exe
C:\Users\jj\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Users\jj\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\Program Files\trend micro\jj_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.eshield.com/general/new ... 5B3AD4}&i=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8013
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [OneDrive] "C:\Users\jj\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [UpdateAdmin] C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\jj\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\WargamingGameUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/s ... tor/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{336ccda5-3d46-468a-b8b5-10dfce35e50b}: NameServer = 82.163.143.176 82.163.142.178
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.176 82.163.142.178
O17 - HKLM\System\CS1\Services\Tcpip\..\{336ccda5-3d46-468a-b8b5-10dfce35e50b}: NameServer = 82.163.143.176 82.163.142.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.176 82.163.142.178
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9296 bytes

======Enumerating Processes======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource core
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Users\jj\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe" /RUN
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2253141340-2309542035-3164301-10005_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2253141340-2309542035-3164301-10005 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe" -c
"C:\Games\WargamingGameUpdater.exe"
"C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe"
C:\Users\jj\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
"C:\Users\jj\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\fontdrvhost.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\jj\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=54.0.2840.99 --handshake-handle=0x154
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ClientSideDetectionModel/Model0/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SignInPasswordPromo/Default/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=A6B598F670AC99D06F806037D629ECDB --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=A6B598F670AC99D06F806037D629ECDB --channel="3724.2.1564219190\975898441" --mojo-platform-channel-handle=2360 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ClientSideDetectionModel/Model0/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SignInPasswordPromo/Default/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=E4A232BC018C2E5C0EC866B5D8EB6219 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=E4A232BC018C2E5C0EC866B5D8EB6219 --channel="3724.10.104917906\2139902774" --mojo-platform-channel-handle=7100 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --ppapi-flash-args --lang=cs --device-scale-factor=1 --mojo-application-channel-token=A9FE17FD4CB401737305B9BE9EBDC3D7 --mojo-platform-channel-handle=4372 --ignored=" --type=renderer " /prefetch:3
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\System32\InstallAgent.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 620 624 632 8192 628
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetServiceDss -RestrictPrivileges -AccessKey 9AD6F51B-55E2-5E83-5A06-BB19FB2644E8 -Reinvoke
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\msfeedssync.exe sync
C:\WINDOWS\system32\wermgr.exe -upload
C:\WINDOWS\System32\sihclient.exe
C:\WINDOWS\System32\wsqmcons.exe
C:\WINDOWS\system32\compattelrunner.exe
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:wAchzcPn20y/2wlM.1
C:\Users\jj\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41161.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Users\jj\Downloads\RSITx64.exe"
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe -Embedding
C:\WINDOWS\system32\schtasks.exe /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task - C:\Users\jj\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\UpdateAdmin - C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{7E34E83C-E88E-40EE-A69A-B74A0FA3F2FA} - C:\WINDOWS\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{063790F2-F46E-4B93-A9DB-A9D514FCC90E} - C:\WINDOWS\system32\pcalua.exe -a C:\Users\jj\Downloads\neighbours-from-hell-2_1.0.exe -d C:\Users\jj\Downloads
C:\WINDOWS\system32\tasks\{7E757880-165B-FC72-3BEF-A1052CEAE97A} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\98700878\9a99cebb.dll"
C:\WINDOWS\system32\tasks\WPD\SqmUpload_S-1-5-21-2253141340-2309542035-3164301-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\WINDOWS\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - C:\WINDOWS\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\SpaceMan.exe /Repair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\StorageSense - %windir%\system32\rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://services.eshield.com/general/new ... 5B3AD4}&i="
prefs.js - "keyword.URL" - "http://search.eshield.com/serp?guid={32 ... _search&k="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
np32dsw.dll
ShockwavePlugin.class

C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\addons.json
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b}
Firefox Hello Beta - extension - loop@mozilla.org

C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions.json
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b} - C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Search Expanse - extension - firefox@www.searchexpanse.com - C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\firefox@www.searchexpanse.com.xpi
Firefox Hello - extension - loop@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\loop@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\pluginreg.dat
Plugin - Google Update - 1.3.31.5 - C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
Plugin - Google Earth Plugin - 7.1.7.2600 - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Plugin - Shockwave for Director - 12.2.4.194 - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll
Plugin - Shockwave Flash - 23.0.0.185 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
Plugin - Unity Player - 5.3.3.3441 - C:\Users\jj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

=========Google Chrome=========

C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bgjpfhpjcgdppjbgnpnjllokbmcdllig 1 Seznam Lištička - Email 1.3.16
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cpmnhbncebjjpeligahihhphgkkblldl 1 Online Football Manager 1
Extension dkmjljdbbgogihjcapfhgkonfmccbffp 0 eShield 1.5
Extension dogdoihocdkadpalbghcpfafbojcfofa 0 MyStart New Tab 2.14.42
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension heglpchjbjmchcmenfopoohbdibnnfap 1 Penaltovém Rozstřelu 2010 1.0
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage:
default_search_provider.search_url:
C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dogdoihocdkadpalbghcpfafbojcfofa]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-04-05 2397752]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2016-04-05 1767432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\jj\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-24 633024]
"UpdateAdmin"=C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe [2015-09-14 237840]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2016-10-13 2860832]
"cz.seznam.software.autoupdate"=C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\jj\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"World of Tanks"=C:\Games\WargamingGameUpdater.exe [2016-09-26 3134728]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-04 06:24:54 ----D---- C:\Program Files\trend micro
2016-12-04 06:24:53 ----D---- C:\rsit
2016-11-09 18:11:26 ----ASH---- C:\swapfile.sys
2016-11-09 18:11:26 ----ASH---- C:\pagefile.sys
2016-11-09 18:10:49 ----ASH---- C:\hiberfil.sys
2016-11-08 23:38:56 ----A---- C:\WINDOWS\SYSWOW64\MSVidCtl.dll
2016-11-08 23:38:54 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-11-08 23:38:50 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2016-11-08 23:38:47 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2016-11-08 23:38:45 ----A---- C:\WINDOWS\SYSWOW64\DafPrintProvider.dll
2016-11-08 23:38:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2016-11-08 23:38:42 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-11-08 23:38:38 ----A---- C:\WINDOWS\SYSWOW64\MosStorage.dll
2016-11-08 23:38:38 ----A---- C:\WINDOWS\SYSWOW64\MosHostClient.dll
2016-11-08 23:38:38 ----A---- C:\WINDOWS\SYSWOW64\MapsBtSvc.dll
2016-11-08 23:38:38 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2016-11-08 23:38:37 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2016-11-08 23:38:37 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2016-11-08 23:38:36 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2016-11-08 23:38:36 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2016-11-08 23:38:34 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2016-11-08 23:38:29 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2016-11-08 23:38:28 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-11-08 23:38:25 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2016-11-08 23:38:22 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-11-08 23:38:18 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2016-11-08 23:38:17 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-11-08 23:38:15 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-11-08 23:38:08 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2016-11-08 23:38:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2016-11-08 23:38:06 ----A---- C:\WINDOWS\SYSWOW64\MessagingDataModel2.dll
2016-11-08 23:38:06 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2016-11-08 23:38:06 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-11-08 23:38:05 ----A---- C:\WINDOWS\system32\tquery.dll
2016-11-08 23:38:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2016-11-08 23:38:03 ----A---- C:\WINDOWS\SYSWOW64\ActiveSyncProvider.dll
2016-11-08 23:38:02 ----A---- C:\WINDOWS\SYSWOW64\CredProvDataModel.dll
2016-11-08 23:38:01 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-11-08 23:38:00 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2016-11-08 23:37:59 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2016-11-08 23:37:59 ----A---- C:\WINDOWS\system32\mssrch.dll
2016-11-08 23:37:58 ----A---- C:\WINDOWS\SYSWOW64\LockAppHost.exe
2016-11-08 23:37:57 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2016-11-08 23:37:57 ----A---- C:\WINDOWS\SYSWOW64\ContactApis.dll
2016-11-08 23:37:56 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-11-08 23:37:56 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2016-11-08 23:37:55 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2016-11-08 23:37:54 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2016-11-08 23:37:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Web.dll
2016-11-08 23:37:53 ----A---- C:\WINDOWS\SYSWOW64\CertEnroll.dll
2016-11-08 23:37:52 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2016-11-08 23:37:51 ----A---- C:\WINDOWS\SYSWOW64\AppointmentApis.dll
2016-11-08 23:37:50 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2016-11-08 23:37:49 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-11-08 23:37:48 ----A---- C:\WINDOWS\SYSWOW64\Taskmgr.exe
2016-11-08 23:37:48 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2016-11-08 23:37:47 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2016-11-08 23:37:47 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2016-11-08 23:37:47 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2016-11-08 23:37:46 ----A---- C:\WINDOWS\SYSWOW64\twinapi.appcore.dll
2016-11-08 23:37:46 ----A---- C:\WINDOWS\SYSWOW64\prnfldr.dll
2016-11-08 23:37:46 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-11-08 23:37:46 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2016-11-08 23:37:45 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-11-08 23:37:45 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2016-11-08 23:37:44 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2016-11-08 23:37:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.Graphics.Printing.3D.dll
2016-11-08 23:37:43 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2016-11-08 23:37:42 ----A---- C:\WINDOWS\SYSWOW64\RemoteNaturalLanguage.dll
2016-11-08 23:37:42 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2016-11-08 23:37:40 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2016-11-08 23:37:39 ----A---- C:\WINDOWS\SYSWOW64\propsys.dll
2016-11-08 23:37:37 ----A---- C:\WINDOWS\SYSWOW64\mstsc.exe
2016-11-08 23:37:36 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-11-08 23:37:35 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2016-11-08 23:37:35 ----A---- C:\WINDOWS\SYSWOW64\UIAnimation.dll
2016-11-08 23:37:35 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2016-11-08 23:37:35 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-11-08 23:37:34 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2016-11-08 23:37:34 ----A---- C:\WINDOWS\SYSWOW64\msftedit.dll
2016-11-08 23:37:34 ----A---- C:\WINDOWS\system32\SIHClient.exe
2016-11-08 23:37:31 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2016-11-08 23:37:31 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-11-08 23:37:30 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2016-11-08 23:37:30 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2016-11-08 23:37:29 ----A---- C:\WINDOWS\SYSWOW64\SHCore.dll
2016-11-08 23:37:29 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2016-11-08 23:37:29 ----A---- C:\WINDOWS\SYSWOW64\mmc.exe
2016-11-08 23:37:28 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2016-11-08 23:37:27 ----A---- C:\WINDOWS\system32\drivers\usbd.sys
2016-11-08 23:37:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Speech.dll
2016-11-08 23:37:25 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2016-11-08 23:37:24 ----A---- C:\WINDOWS\SYSWOW64\wlanapi.dll
2016-11-08 23:37:24 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2016-11-08 23:37:24 ----A---- C:\WINDOWS\SYSWOW64\MrmCoreR.dll
2016-11-08 23:37:23 ----A---- C:\WINDOWS\SYSWOW64\input.dll
2016-11-08 23:37:21 ----A---- C:\WINDOWS\SYSWOW64\WSShared.dll
2016-11-08 23:37:21 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2016-11-08 23:37:20 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2016-11-08 23:37:20 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2016-11-08 23:37:19 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2016-11-08 23:37:19 ----A---- C:\WINDOWS\system32\drivers\usbport.sys
2016-11-08 23:37:18 ----A---- C:\WINDOWS\SYSWOW64\mmcndmgr.dll
2016-11-08 23:37:17 ----A---- C:\WINDOWS\SYSWOW64\wdc.dll
2016-11-08 23:37:15 ----A---- C:\WINDOWS\SYSWOW64\WMPDMC.exe
2016-11-08 23:37:15 ----A---- C:\WINDOWS\SYSWOW64\NPSM.dll
2016-11-08 23:37:15 ----A---- C:\WINDOWS\SYSWOW64\GlobCollationHost.dll
2016-11-08 23:37:14 ----A---- C:\WINDOWS\SYSWOW64\wsecedit.dll
2016-11-08 23:37:14 ----A---- C:\WINDOWS\SYSWOW64\Display.dll
2016-11-08 23:37:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2016-11-08 23:37:13 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2016-11-08 23:37:12 ----A---- C:\WINDOWS\SYSWOW64\wininetlui.dll
2016-11-08 23:37:12 ----A---- C:\WINDOWS\SYSWOW64\filemgmt.dll
2016-11-08 23:37:11 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2016-11-08 23:37:11 ----A---- C:\WINDOWS\SYSWOW64\PhoneOm.dll
2016-11-08 23:37:10 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-08 23:37:09 ----A---- C:\WINDOWS\SYSWOW64\mbsmsapi.dll
2016-11-08 23:37:07 ----A---- C:\WINDOWS\SYSWOW64\SearchFolder.dll
2016-11-08 23:37:07 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2016-11-08 23:37:06 ----A---- C:\WINDOWS\SYSWOW64\MbaeApiPublic.dll
2016-11-08 23:37:05 ----A---- C:\WINDOWS\SYSWOW64\certreq.exe
2016-11-08 23:37:00 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2016-11-08 23:36:59 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2016-11-08 23:36:59 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2016-11-08 23:36:58 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2016-11-08 23:36:57 ----A---- C:\WINDOWS\SYSWOW64\UXInit.dll
2016-11-08 23:36:57 ----A---- C:\WINDOWS\SYSWOW64\rasgcw.dll
2016-11-08 23:36:56 ----A---- C:\WINDOWS\SYSWOW64\UserLanguagesCpl.dll
2016-11-08 23:36:56 ----A---- C:\WINDOWS\SYSWOW64\rasdlg.dll
2016-11-08 23:36:56 ----A---- C:\WINDOWS\SYSWOW64\netshell.dll
2016-11-08 23:36:55 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.BackgroundTransfer.dll
2016-11-08 23:36:55 ----A---- C:\WINDOWS\SYSWOW64\SCardDlg.dll
2016-11-08 23:36:55 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2016-11-08 23:36:55 ----A---- C:\WINDOWS\SYSWOW64\asycfilt.dll
2016-11-08 23:36:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Import.dll
2016-11-08 23:36:54 ----A---- C:\WINDOWS\SYSWOW64\OneDriveSettingSyncProvider.dll
2016-11-08 23:36:54 ----A---- C:\WINDOWS\SYSWOW64\oemlicense.dll
2016-11-08 23:36:53 ----A---- C:\WINDOWS\SYSWOW64\wvc.dll
2016-11-08 23:36:53 ----A---- C:\WINDOWS\SYSWOW64\themecpl.dll
2016-11-08 23:36:52 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2016-11-08 23:36:51 ----A---- C:\WINDOWS\SYSWOW64\WlanMM.dll
2016-11-08 23:36:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.Search.dll
2016-11-08 23:36:49 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Editing.dll
2016-11-08 23:36:49 ----A---- C:\WINDOWS\SYSWOW64\hgcpl.dll
2016-11-08 23:36:49 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2016-11-08 23:36:49 ----A---- C:\WINDOWS\system32\mssprxy.dll
2016-11-08 23:36:47 ----A---- C:\WINDOWS\SYSWOW64\SmartcardCredentialProvider.dll
2016-11-08 23:36:47 ----A---- C:\WINDOWS\SYSWOW64\objsel.dll
2016-11-08 23:36:47 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2016-11-08 23:36:46 ----A---- C:\WINDOWS\SYSWOW64\wcnwiz.dll
2016-11-08 23:36:46 ----A---- C:\WINDOWS\SYSWOW64\dui70.dll
2016-11-08 23:36:45 ----A---- C:\WINDOWS\SYSWOW64\PlayToManager.dll
2016-11-08 23:36:45 ----A---- C:\WINDOWS\system32\drivers\HdAudio.sys
2016-11-08 23:36:44 ----A---- C:\WINDOWS\SYSWOW64\WSSync.dll
2016-11-08 23:36:44 ----A---- C:\WINDOWS\SYSWOW64\WLanConn.dll
2016-11-08 23:36:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.AccountsControl.dll
2016-11-08 23:36:44 ----A---- C:\WINDOWS\SYSWOW64\azroleui.dll
2016-11-08 23:36:43 ----A---- C:\WINDOWS\SYSWOW64\NPSMDesktopProvider.dll
2016-11-08 23:36:43 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2016-11-08 23:36:43 ----A---- C:\WINDOWS\system32\drivers\hdaudbus.sys
2016-11-08 23:36:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-08 23:36:41 ----A---- C:\WINDOWS\SYSWOW64\licensingdiag.exe
2016-11-08 23:36:41 ----A---- C:\WINDOWS\SYSWOW64\dot3ui.dll
2016-11-08 23:36:39 ----A---- C:\WINDOWS\system32\drivers\BthAvrcpTg.sys
2016-11-08 23:36:38 ----A---- C:\WINDOWS\SYSWOW64\IdCtrls.dll
2016-11-08 23:36:38 ----A---- C:\WINDOWS\SYSWOW64\GamePanel.exe
2016-11-08 23:36:38 ----A---- C:\WINDOWS\SYSWOW64\apprepsync.dll
2016-11-08 23:36:38 ----A---- C:\WINDOWS\SYSWOW64\apprepapi.dll
2016-11-08 23:36:37 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2016-11-08 23:36:33 ----A---- C:\WINDOWS\SYSWOW64\odbcconf.dll
2016-11-08 23:36:26 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2016-11-08 23:36:26 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2016-11-08 23:35:57 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2016-11-08 23:35:57 ----A---- C:\WINDOWS\system32\WWAHost.exe
2016-11-08 23:35:54 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2016-11-08 23:35:53 ----A---- C:\WINDOWS\system32\Pimstore.dll
2016-11-08 23:35:52 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2016-11-08 23:35:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2016-11-08 23:35:46 ----A---- C:\WINDOWS\system32\SpeechPal.dll
2016-11-08 23:35:44 ----A---- C:\WINDOWS\system32\wmpmde.dll
2016-11-08 23:35:44 ----A---- C:\WINDOWS\system32\CertEnroll.dll
2016-11-08 23:35:43 ----A---- C:\WINDOWS\system32\winmde.dll
2016-11-08 23:35:43 ----A---- C:\WINDOWS\system32\ContactApis.dll
2016-11-08 23:35:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-11-08 23:35:42 ----A---- C:\WINDOWS\system32\twinapi.appcore.dll
2016-11-08 23:35:41 ----A---- C:\WINDOWS\system32\mstsc.exe
2016-11-08 23:35:40 ----A---- C:\WINDOWS\system32\PortableDeviceApi.dll
2016-11-08 23:35:40 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2016-11-08 23:35:39 ----A---- C:\WINDOWS\system32\UserDataService.dll
2016-11-08 23:35:39 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-11-08 23:35:38 ----A---- C:\WINDOWS\system32\wpdshext.dll
2016-11-08 23:35:38 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-11-08 23:35:37 ----A---- C:\WINDOWS\SYSWOW64\PortableDeviceApi.dll
2016-11-08 23:35:37 ----A---- C:\WINDOWS\system32\EmailApis.dll
2016-11-08 23:35:36 ----A---- C:\WINDOWS\system32\ubpm.dll
2016-11-08 23:35:36 ----A---- C:\WINDOWS\system32\ChatApis.dll
2016-11-08 23:35:35 ----A---- C:\WINDOWS\system32\UIAnimation.dll
2016-11-08 23:35:35 ----A---- C:\WINDOWS\system32\sppsvc.exe
2016-11-08 23:35:32 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-11-08 23:35:32 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-11-08 23:35:31 ----A---- C:\WINDOWS\system32\wups.dll
2016-11-08 23:35:31 ----A---- C:\WINDOWS\system32\TpmTasks.dll
2016-11-08 23:35:31 ----A---- C:\WINDOWS\system32\sdengin2.dll
2016-11-08 23:35:30 ----A---- C:\WINDOWS\system32\WebcamUi.dll
2016-11-08 23:35:29 ----A---- C:\WINDOWS\system32\wuuhext.dll
2016-11-08 23:35:29 ----A---- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2016-11-08 23:35:28 ----A---- C:\WINDOWS\SYSWOW64\WebcamUi.dll
2016-11-08 23:35:28 ----A---- C:\WINDOWS\SYSWOW64\PortableDeviceConnectApi.dll
2016-11-08 23:35:28 ----A---- C:\WINDOWS\system32\PortableDeviceConnectApi.dll
2016-11-08 23:35:27 ----A---- C:\WINDOWS\system32\WalletService.dll
2016-11-08 23:35:27 ----A---- C:\WINDOWS\system32\StikyNot.exe
2016-11-08 23:35:27 ----A---- C:\WINDOWS\system32\AppointmentApis.dll
2016-11-08 23:35:26 ----A---- C:\WINDOWS\SYSWOW64\PortableDeviceClassExtension.dll
2016-11-08 23:35:26 ----A---- C:\WINDOWS\system32\RADCUI.dll
2016-11-08 23:35:26 ----A---- C:\WINDOWS\system32\racpldlg.dll
2016-11-08 23:35:25 ----A---- C:\WINDOWS\system32\Windows.Graphics.dll
2016-11-08 23:35:24 ----A---- C:\WINDOWS\system32\usocore.dll
2016-11-08 23:35:22 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2016-11-08 23:35:20 ----A---- C:\WINDOWS\system32\NMAA.dll
2016-11-08 23:35:19 ----A---- C:\WINDOWS\system32\MapsStore.dll
2016-11-08 23:35:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2016-11-08 23:35:19 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2016-11-08 23:35:15 ----A---- C:\WINDOWS\system32\mos.dll
2016-11-08 23:35:13 ----A---- C:\WINDOWS\system32\BingMaps.dll
2016-11-08 23:35:11 ----A---- C:\WINDOWS\system32\shell32.dll
2016-11-08 23:35:09 ----A---- C:\WINDOWS\SYSWOW64\wmpeffects.dll
2016-11-08 23:35:08 ----A---- C:\WINDOWS\system32\wmpeffects.dll
2016-11-08 23:35:07 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2016-11-08 23:35:04 ----A---- C:\WINDOWS\system32\wmp.dll
2016-11-08 23:34:58 ----A---- C:\WINDOWS\system32\windows.storage.dll
2016-11-08 23:34:57 ----A---- C:\WINDOWS\system32\WpcMon.exe
2016-11-08 23:34:56 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2016-11-08 23:34:55 ----A---- C:\WINDOWS\system32\Wpc.dll
2016-11-08 23:34:52 ----A---- C:\WINDOWS\system32\MosHostClient.dll
2016-11-08 23:34:52 ----A---- C:\WINDOWS\system32\mapsupdatetask.dll
2016-11-08 23:34:52 ----A---- C:\WINDOWS\system32\MapsCSP.dll
2016-11-08 23:34:52 ----A---- C:\WINDOWS\system32\MapsBtSvc.dll
2016-11-08 23:34:51 ----A---- C:\WINDOWS\system32\MosStorage.dll
2016-11-08 23:34:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2016-11-08 23:34:51 ----A---- C:\WINDOWS\system32\moshost.dll
2016-11-08 23:34:51 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-08 23:34:50 ----A---- C:\WINDOWS\system32\mmc.exe
2016-11-08 23:34:48 ----A---- C:\WINDOWS\SYSWOW64\Wpc.dll
2016-11-08 23:34:48 ----A---- C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-11-08 23:34:47 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2016-11-08 23:34:47 ----A---- C:\WINDOWS\system32\PrintDialogs3D.dll
2016-11-08 23:34:46 ----A---- C:\WINDOWS\system32\WpcWebSync.dll
2016-11-08 23:34:45 ----A---- C:\WINDOWS\system32\mfsvr.dll
2016-11-08 23:34:45 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-11-08 23:34:44 ----A---- C:\WINDOWS\SYSWOW64\WMVCORE.DLL
2016-11-08 23:34:44 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2016-11-08 23:34:43 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-11-08 23:34:41 ----A---- C:\WINDOWS\system32\msi.dll
2016-11-08 23:34:40 ----A---- C:\WINDOWS\system32\prnfldr.dll
2016-11-08 23:34:40 ----A---- C:\WINDOWS\system32\MbaeApiPublic.dll
2016-11-08 23:34:39 ----A---- C:\WINDOWS\system32\WMNetMgr.dll
2016-11-08 23:34:38 ----A---- C:\WINDOWS\system32\WindowsCodecsRaw.dll
2016-11-08 23:34:34 ----A---- C:\WINDOWS\system32\Windows.Web.dll
2016-11-08 23:34:33 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-11-08 23:34:32 ----A---- C:\WINDOWS\system32\wmpps.dll
2016-11-08 23:34:32 ----A---- C:\WINDOWS\system32\usercpl.dll
2016-11-08 23:34:32 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-11-08 23:34:31 ----A---- C:\WINDOWS\system32\Windows.Media.Import.dll
2016-11-08 23:34:31 ----A---- C:\WINDOWS\system32\PlayToManager.dll
2016-11-08 23:34:31 ----A---- C:\WINDOWS\system32\PhotoScreensaver.scr
2016-11-08 23:34:30 ----A---- C:\WINDOWS\system32\Windows.Storage.Search.dll
2016-11-08 23:34:29 ----A---- C:\WINDOWS\system32\dbgeng.dll
2016-11-08 23:34:28 ----A---- C:\WINDOWS\SYSWOW64\WMNetMgr.dll
2016-11-08 23:34:27 ----A---- C:\WINDOWS\system32\wmdrmdev.dll
2016-11-08 23:34:27 ----A---- C:\WINDOWS\system32\mfcore.dll
2016-11-08 23:34:27 ----A---- C:\WINDOWS\system32\mbsmsapi.dll
2016-11-08 23:34:26 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-11-08 23:34:26 ----A---- C:\WINDOWS\system32\PrintDialogs.dll
2016-11-08 23:34:26 ----A---- C:\WINDOWS\system32\mfps.dll
2016-11-08 23:34:25 ----A---- C:\WINDOWS\system32\ntshrui.dll
2016-11-08 23:34:25 ----A---- C:\WINDOWS\system32\localspl.dll
2016-11-08 23:34:23 ----A---- C:\WINDOWS\SYSWOW64\wmdrmsdk.dll
2016-11-08 23:34:23 ----A---- C:\WINDOWS\system32\wpncore.dll
2016-11-08 23:34:23 ----A---- C:\WINDOWS\system32\pmcsnap.dll
2016-11-08 23:34:22 ----A---- C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-11-08 23:34:22 ----A---- C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-11-08 23:34:21 ----A---- C:\WINDOWS\system32\wlansvc.dll
2016-11-08 23:34:20 ----A---- C:\WINDOWS\SYSWOW64\PhotoScreensaver.scr
2016-11-08 23:34:20 ----A---- C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-08 23:34:18 ----A---- C:\WINDOWS\system32\wmdrmsdk.dll
2016-11-08 23:34:17 ----A---- C:\WINDOWS\system32\rasgcw.dll
2016-11-08 23:34:17 ----A---- C:\WINDOWS\system32\cscui.dll
2016-11-08 23:34:16 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-11-08 23:34:16 ----A---- C:\WINDOWS\system32\wcnwiz.dll
2016-11-08 23:34:15 ----A---- C:\WINDOWS\system32\netcenter.dll
2016-11-08 23:34:13 ----A---- C:\WINDOWS\system32\wlanui.dll
2016-11-08 23:34:12 ----A---- C:\WINDOWS\system32\WLanConn.dll
2016-11-08 23:34:11 ----A---- C:\WINDOWS\system32\msdrm.dll
2016-11-08 23:34:11 ----A---- C:\WINDOWS\system32\IKEEXT.DLL
2016-11-08 23:34:10 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-08 23:34:10 ----A---- C:\WINDOWS\system32\mqsnap.dll
2016-11-08 23:34:10 ----A---- C:\WINDOWS\system32\LegacyNetUXHost.exe
2016-11-08 23:34:09 ----A---- C:\WINDOWS\SYSWOW64\WpcWebFilter.dll
2016-11-08 23:34:09 ----A---- C:\WINDOWS\system32\WpcWebFilter.dll
2016-11-08 23:34:09 ----A---- C:\WINDOWS\system32\odbcconf.dll
2016-11-08 23:34:09 ----A---- C:\WINDOWS\system32\MBMediaManager.dll
2016-11-08 23:34:08 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-11-08 23:34:08 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-11-08 23:34:08 ----A---- C:\WINDOWS\system32\drivers\genericusbfn.sys
2016-11-08 23:34:00 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-11-08 23:33:58 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-11-08 23:33:55 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-11-08 23:33:55 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2016-11-08 23:33:54 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2016-11-08 23:33:51 ----A---- C:\WINDOWS\system32\WWanAPI.dll
2016-11-08 23:33:51 ----A---- C:\WINDOWS\system32\diagtrack.dll
2016-11-08 23:33:48 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-11-08 23:33:45 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-11-08 23:33:44 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-11-08 23:33:43 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-11-08 23:33:39 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-11-08 23:33:39 ----A---- C:\WINDOWS\system32\CredProvDataModel.dll
2016-11-08 23:33:38 ----A---- C:\WINDOWS\system32\PhoneService.dll
2016-11-08 23:33:36 ----A---- C:\WINDOWS\system32\wininet.dll
2016-11-08 23:33:35 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-11-08 23:33:33 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-11-08 23:33:28 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-11-08 23:33:26 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-11-08 23:33:25 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-11-08 23:33:19 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 23:33:17 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-11-08 23:33:13 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-11-08 23:33:11 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-11-08 23:33:10 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2016-11-08 23:33:07 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-08 23:33:06 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-11-08 23:33:04 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-11-08 23:33:03 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-11-08 23:33:02 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2016-11-08 23:33:01 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-11-08 23:32:48 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-11-08 23:32:46 ----A---- C:\WINDOWS\system32\qmgr.dll
2016-11-08 23:32:44 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2016-11-08 23:32:44 ----A---- C:\WINDOWS\system32\DafPrintProvider.dll
2016-11-08 23:32:42 ----A---- C:\WINDOWS\system32\crypt32.dll
2016-11-08 23:32:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2016-11-08 23:32:40 ----A---- C:\WINDOWS\system32\combase.dll
2016-11-08 23:32:39 ----A---- C:\WINDOWS\system32\winload.exe
2016-11-08 23:32:38 ----A---- C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-11-08 23:32:38 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2016-11-08 23:32:37 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-08 23:32:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2016-11-08 23:32:35 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2016-11-08 23:32:35 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 23:32:33 ----A---- C:\WINDOWS\system32\ole32.dll
2016-11-08 23:32:33 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-11-08 23:32:31 ----A---- C:\WINDOWS\system32\drivers\mup.sys
2016-11-08 23:32:30 ----A---- C:\WINDOWS\system32\SettingSync.dll
2016-11-08 23:32:30 ----A---- C:\WINDOWS\system32\MrmCoreR.dll
2016-11-08 23:32:29 ----A---- C:\WINDOWS\system32\WMPDMC.exe
2016-11-08 23:32:29 ----A---- C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-11-08 23:32:29 ----A---- C:\WINDOWS\system32\UserLanguagesCpl.dll
2016-11-08 23:32:29 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-08 23:32:28 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2016-11-08 23:32:28 ----A---- C:\WINDOWS\system32\drivers\bowser.sys
2016-11-08 23:32:27 ----A---- C:\WINDOWS\system32\WSShared.dll
2016-11-08 23:32:27 ----A---- C:\WINDOWS\system32\MiracastReceiver.dll
2016-11-08 23:32:26 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-11-08 23:32:26 ----A---- C:\WINDOWS\system32\PhoneOm.dll
2016-11-08 23:32:25 ----A---- C:\WINDOWS\system32\workfolderssvc.dll
2016-11-08 23:32:25 ----A---- C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-11-08 23:32:25 ----A---- C:\WINDOWS\system32\dxtrans.dll
2016-11-08 23:32:24 ----A---- C:\WINDOWS\system32\WSService.dll
2016-11-08 23:32:23 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2016-11-08 23:32:23 ----A---- C:\WINDOWS\system32\DMRServer.dll
2016-11-08 23:32:23 ----A---- C:\WINDOWS\system32\asycfilt.dll
2016-11-08 23:32:22 ----A---- C:\WINDOWS\system32\netcfgx.dll
2016-11-08 23:32:22 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 23:32:21 ----A---- C:\WINDOWS\system32\SearchFolder.dll
2016-11-08 23:32:20 ----A---- C:\WINDOWS\system32\wininetlui.dll
2016-11-08 23:32:20 ----A---- C:\WINDOWS\system32\netman.dll
2016-11-08 23:32:19 ----A---- C:\WINDOWS\system32\wvc.dll
2016-11-08 23:32:19 ----A---- C:\WINDOWS\system32\LogonController.dll
2016-11-08 23:32:18 ----A---- C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-11-08 23:32:18 ----A---- C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2016-11-08 23:32:18 ----A---- C:\WINDOWS\system32\SRH.dll
2016-11-08 23:32:17 ----A---- C:\WINDOWS\system32\wwansvc.dll
2016-11-08 23:32:17 ----A---- C:\WINDOWS\system32\ConhostV2.dll
2016-11-08 23:32:17 ----A---- C:\WINDOWS\system32\AppxApplicabilityEngine.dll
2016-11-08 23:32:15 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2016-11-08 23:32:15 ----A---- C:\WINDOWS\system32\ListSvc.dll
2016-11-08 23:32:14 ----A---- C:\WINDOWS\system32\netshell.dll
2016-11-08 23:32:13 ----A---- C:\WINDOWS\system32\wwanmm.dll
2016-11-08 23:32:13 ----A---- C:\WINDOWS\system32\wdc.dll
2016-11-08 23:32:12 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2016-11-08 23:32:12 ----A---- C:\WINDOWS\system32\werconcpl.dll
2016-11-08 23:32:11 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2016-11-08 23:32:11 ----A---- C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2016-11-08 23:32:10 ----A---- C:\WINDOWS\system32\wwanconn.dll
2016-11-08 23:32:10 ----A---- C:\WINDOWS\system32\WUDFPlatform.dll
2016-11-08 23:32:10 ----A---- C:\WINDOWS\system32\WFS.exe
2016-11-08 23:32:10 ----A---- C:\WINDOWS\system32\pnidui.dll
2016-11-08 23:32:09 ----A---- C:\WINDOWS\system32\wpr.exe
2016-11-08 23:32:09 ----A---- C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2016-11-08 23:32:08 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2016-11-08 23:32:08 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-08 23:32:08 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2016-11-08 23:32:08 ----A---- C:\WINDOWS\system32\bisrv.dll
2016-11-08 23:32:07 ----A---- C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-11-08 23:32:07 ----A---- C:\WINDOWS\system32\webcheck.dll
2016-11-08 23:32:07 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2016-11-08 23:32:06 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2016-11-08 23:32:06 ----A---- C:\WINDOWS\system32\iepeers.dll
2016-11-08 23:32:05 ----A---- C:\WINDOWS\system32\WSSync.dll
2016-11-08 23:32:05 ----A---- C:\WINDOWS\system32\PlayToReceiver.dll
2016-11-08 23:32:05 ----A---- C:\WINDOWS\system32\credprovs.dll
2016-11-08 23:32:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\mshtmled.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\dot3ui.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\domgmt.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\CellularAPI.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\aadtb.dll
2016-11-08 23:31:57 ----A---- C:\WINDOWS\system32\ApplicationFrame.dll
2016-11-08 23:31:56 ----A---- C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 23:31:56 ----A---- C:\WINDOWS\system32\d2d1.dll
2016-11-08 23:31:54 ----A---- C:\WINDOWS\system32\winhttp.dll
2016-11-08 23:31:52 ----A---- C:\WINDOWS\system32\twinui.dll
2016-11-08 23:31:49 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-11-08 23:31:49 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-11-08 23:31:49 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-11-08 23:31:48 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-11-08 23:31:46 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-11-08 23:31:43 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-11-08 23:31:43 ----A---- C:\WINDOWS\system32\msctf.dll
2016-11-08 23:31:41 ----A---- C:\WINDOWS\system32\fveapibase.dll
2016-11-08 23:31:40 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-11-08 23:31:40 ----A---- C:\WINDOWS\system32\fveapi.dll
2016-11-08 23:31:38 ----A---- C:\WINDOWS\SYSWOW64\UIRibbon.dll
2016-11-08 23:31:38 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2016-11-08 23:31:37 ----A---- C:\WINDOWS\system32\MessagingDataModel2.dll
2016-11-08 23:31:36 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-08 23:31:35 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-11-08 23:31:34 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-08 23:31:33 ----A---- C:\WINDOWS\system32\diagtrack_win.dll
2016-11-08 23:31:32 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-08 23:31:31 ----A---- C:\WINDOWS\system32\winresume.exe
2016-11-08 23:31:30 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2016-11-08 23:31:29 ----A---- C:\WINDOWS\system32\UIRibbon.dll
2016-11-08 23:31:29 ----A---- C:\WINDOWS\system32\LockAppHost.exe
2016-11-08 23:31:28 ----A---- C:\WINDOWS\system32\comdlg32.dll
2016-11-08 23:31:26 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-08 23:31:26 ----A---- C:\WINDOWS\explorer.exe
2016-11-08 23:31:24 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-08 23:31:23 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-11-08 23:31:22 ----A---- C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-11-08 23:31:21 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-11-08 23:31:21 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2016-11-08 23:31:21 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-11-08 23:31:20 ----A---- C:\WINDOWS\system32\audiosrv.dll
2016-11-08 23:31:19 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2016-11-08 23:31:19 ----A---- C:\WINDOWS\system32\atmfd.dll
2016-11-08 23:31:17 ----A---- C:\WINDOWS\system32\Taskmgr.exe
2016-11-08 23:31:16 ----A---- C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-11-08 23:31:16 ----A---- C:\WINDOWS\system32\NgcCtnrGidsHandler.dll
2016-11-08 23:31:15 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-08 23:31:15 ----A---- C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-08 23:31:13 ----A---- C:\WINDOWS\system32\wintrust.dll
2016-11-08 23:31:13 ----A---- C:\WINDOWS\system32\authui.dll
2016-11-08 23:31:12 ----A---- C:\WINDOWS\system32\propsys.dll
2016-11-08 23:31:11 ----A---- C:\WINDOWS\system32\wsecedit.dll
2016-11-08 23:31:11 ----A---- C:\WINDOWS\system32\ShareHost.dll
2016-11-08 23:31:11 ----A---- C:\WINDOWS\system32\GamePanel.exe
2016-11-08 23:31:10 ----A---- C:\WINDOWS\system32\RDXService.dll
2016-11-08 23:31:10 ----A---- C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-08 23:31:10 ----A---- C:\WINDOWS\system32\DXP.dll
2016-11-08 23:31:09 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 23:31:09 ----A---- C:\WINDOWS\system32\HttpsDataSource.dll
2016-11-08 23:31:08 ----A---- C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-11-08 23:31:08 ----A---- C:\WINDOWS\system32\SHCore.dll
2016-11-08 23:31:07 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-11-08 23:31:07 ----A---- C:\WINDOWS\system32\internetmail.dll
2016-11-08 23:31:07 ----A---- C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-08 23:31:06 ----A---- C:\WINDOWS\system32\ClipUp.exe
2016-11-08 23:31:06 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2016-11-08 23:31:05 ----A---- C:\WINDOWS\system32\wldp.dll
2016-11-08 23:31:05 ----A---- C:\WINDOWS\system32\vss_ps.dll
2016-11-08 23:31:05 ----A---- C:\WINDOWS\system32\RDXTaskFactory.dll
2016-11-08 23:31:05 ----A---- C:\WINDOWS\system32\input.dll
2016-11-08 23:31:04 ----A---- C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-11-08 23:31:04 ----A---- C:\WINDOWS\system32\phoneactivate.exe
2016-11-08 23:31:04 ----A---- C:\WINDOWS\system32\NPSM.dll
2016-11-08 23:31:04 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2016-11-08 23:31:03 ----A---- C:\WINDOWS\system32\sppwinob.dll
2016-11-08 23:31:03 ----A---- C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-11-08 23:31:03 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2016-11-08 23:31:02 ----A---- C:\WINDOWS\system32\sppobjs.dll
2016-11-08 23:31:01 ----A---- C:\WINDOWS\system32\gameux.dll
2016-11-08 23:31:00 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-08 23:31:00 ----A---- C:\WINDOWS\system32\pcasvc.dll
2016-11-08 23:30:59 ----A---- C:\WINDOWS\system32\wbengine.exe
2016-11-08 23:30:59 ----A---- C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-08 23:30:59 ----A---- C:\WINDOWS\system32\AppReadiness.dll
2016-11-08 23:30:54 ----A---- C:\WINDOWS\system32\themecpl.dll
2016-11-08 23:30:53 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2016-11-08 23:30:53 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2016-11-08 23:30:52 ----A---- C:\WINDOWS\system32\SharedStartModel.dll
2016-11-08 23:30:52 ----A---- C:\WINDOWS\system32\reseteng.dll
2016-11-08 23:30:51 ----A---- C:\WINDOWS\system32\twinapi.dll
2016-11-08 23:30:51 ----A---- C:\WINDOWS\system32\syncutil.dll
2016-11-08 23:30:51 ----A---- C:\WINDOWS\system32\SCardDlg.dll
2016-11-08 23:30:51 ----A---- C:\WINDOWS\system32\certprop.dll
2016-11-08 23:30:50 ----A---- C:\WINDOWS\system32\UXInit.dll
2016-11-08 23:30:50 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2016-11-08 23:30:50 ----A---- C:\WINDOWS\system32\ExecModelClient.dll
2016-11-08 23:30:50 ----A---- C:\WINDOWS\system32\certreq.exe
2016-11-08 23:30:49 ----A---- C:\WINDOWS\system32\msftedit.dll
2016-11-08 23:30:49 ----A---- C:\WINDOWS\system32\hgcpl.dll
2016-11-08 23:30:48 ----A---- C:\WINDOWS\system32\cryptui.dll
2016-11-08 23:30:48 ----A---- C:\WINDOWS\system32\APHostService.dll
2016-11-08 23:30:47 ----A---- C:\WINDOWS\system32\fhsvc.dll
2016-11-08 23:30:46 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-08 23:30:46 ----A---- C:\WINDOWS\system32\themeui.dll
2016-11-08 23:30:45 ----A---- C:\WINDOWS\system32\dui70.dll
2016-11-08 23:30:45 ----A---- C:\WINDOWS\system32\certcli.dll
2016-11-08 23:30:45 ----A---- C:\WINDOWS\system32\AdmTmpl.dll
2016-11-08 23:30:44 ----A---- C:\WINDOWS\SYSWOW64\AdmTmpl.dll
2016-11-08 23:30:44 ----A---- C:\WINDOWS\system32\oemlicense.dll
2016-11-08 23:30:44 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2016-11-08 23:30:43 ----A---- C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2016-11-08 23:30:43 ----A---- C:\WINDOWS\system32\Display.dll
2016-11-08 23:30:42 ----A---- C:\WINDOWS\system32\msctfp.dll
2016-11-08 23:30:42 ----A---- C:\WINDOWS\system32\Dxpserver.exe
2016-11-08 23:30:40 ----A---- C:\WINDOWS\system32\zipfldr.dll
2016-11-08 23:30:40 ----A---- C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-11-08 23:30:40 ----A---- C:\WINDOWS\system32\NPSMDesktopProvider.dll
2016-11-08 23:30:40 ----A---- C:\WINDOWS\system32\ActivationManager.dll
2016-11-08 23:30:39 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2016-11-08 23:30:39 ----A---- C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-11-08 23:30:39 ----A---- C:\WINDOWS\system32\edputil.dll
2016-11-08 23:30:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\licensingdiag.exe
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\FingerprintEnrollment.dll
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\drivers\scfilter.sys
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\winsrv.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\UIRibbonRes.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\apprepsync.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\apprepapi.dll
2016-11-08 23:30:34 ----A---- C:\WINDOWS\SYSWOW64\UIRibbonRes.dll
2016-11-08 23:30:34 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2016-11-08 23:30:33 ----A---- C:\WINDOWS\system32\sud.dll
2016-11-08 23:30:32 ----A---- C:\WINDOWS\system32\atmlib.dll

======List of files/folders modified in the last 1 month======

2016-12-04 06:25:17 ----D---- C:\WINDOWS\AppReadiness
2016-12-04 06:25:06 ----D---- C:\WINDOWS\Prefetch
2016-12-04 06:24:59 ----HD---- C:\Program Files\WindowsApps
2016-12-04 06:24:54 ----RD---- C:\Program Files
2016-12-04 06:24:50 ----D---- C:\WINDOWS\Temp
2016-12-04 06:24:05 ----D---- C:\WINDOWS\system32\sru
2016-12-04 06:22:39 ----AD---- C:\Program Files (x86)\Steam
2016-12-01 06:05:55 ----D---- C:\Windows
2016-12-01 06:05:52 ----D---- C:\Users\jj\AppData\Roaming\MPC-HC
2016-12-01 06:04:20 ----D---- C:\Users\jj\AppData\Roaming\Seznam.cz
2016-12-01 06:00:04 ----D---- C:\WINDOWS\INF
2016-11-14 18:08:05 ----D---- C:\WINDOWS\Logs
2016-11-14 18:08:05 ----D---- C:\WINDOWS\debug
2016-11-14 18:08:04 ----D---- C:\WINDOWS\Minidump
2016-11-14 14:16:41 ----D---- C:\WINDOWS\System32
2016-11-14 14:16:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-14 13:56:55 ----AD---- C:\KMPlayer
2016-11-12 16:56:20 ----D---- C:\WINDOWS\Microsoft.NET
2016-11-11 19:50:35 ----D---- C:\WINDOWS\system32\config
2016-11-11 17:22:03 ----D---- C:\ProgramData\{1446b617-412c-1}
2016-11-10 19:42:40 ----D---- C:\WINDOWS\WinSxS
2016-11-10 19:36:35 ----D---- C:\WINDOWS\CbsTemp
2016-11-10 19:36:31 ----D---- C:\WINDOWS\system32\appraiser
2016-11-10 13:55:05 ----D---- C:\Games
2016-11-09 21:43:46 ----D---- C:\WINDOWS\rescache
2016-11-09 21:40:31 ----SHD---- C:\System Volume Information
2016-11-09 21:35:36 ----RSD---- C:\WINDOWS\assembly
2016-11-09 20:37:16 ----D---- C:\WINDOWS\system32\DriverStore
2016-11-09 20:32:36 ----D---- C:\WINDOWS\system32\catroot2
2016-11-09 18:14:55 ----HD---- C:\$WINDOWS.~BT
2016-11-09 18:11:39 ----D---- C:\WINDOWS\system32\Tasks
2016-11-09 18:10:55 ----D---- C:\WINDOWS\system32\drivers
2016-11-09 14:23:35 ----SD---- C:\WINDOWS\SYSWOW64\F12
2016-11-09 14:23:35 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-11-09 14:23:35 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-11-09 14:23:35 ----D---- C:\WINDOWS\SysWOW64
2016-11-09 14:23:31 ----D---- C:\WINDOWS\system32\wbem
2016-11-09 14:23:31 ----D---- C:\WINDOWS\system32\oobe
2016-11-09 14:23:30 ----SD---- C:\WINDOWS\system32\F12
2016-11-09 14:23:30 ----D---- C:\WINDOWS\system32\migwiz
2016-11-09 14:23:30 ----D---- C:\WINDOWS\system32\migration
2016-11-09 14:23:30 ----D---- C:\WINDOWS\system32\cs-CZ
2016-11-09 14:23:30 ----D---- C:\WINDOWS\system32\Boot
2016-11-09 14:23:26 ----RD---- C:\WINDOWS\PrintDialog
2016-11-09 14:23:26 ----D---- C:\WINDOWS\Provisioning
2016-11-09 14:23:25 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-11-09 14:23:25 ----RD---- C:\WINDOWS\DevicesFlow
2016-11-09 14:23:23 ----D---- C:\WINDOWS\AppPatch
2016-11-09 14:23:23 ----D---- C:\Program Files\Windows Photo Viewer
2016-11-09 14:23:23 ----D---- C:\Program Files\Windows Media Player
2016-11-09 14:23:23 ----D---- C:\Program Files\Windows Mail
2016-11-09 14:23:23 ----D---- C:\Program Files\Windows Defender
2016-11-09 14:23:23 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2016-11-09 14:23:23 ----D---- C:\Program Files (x86)\Windows Mail
2016-11-09 14:23:23 ----D---- C:\Program Files (x86)\Windows Defender
2016-11-09 14:23:23 ----D---- C:\Program Files (x86)\Internet Explorer
2016-11-09 14:23:22 ----D---- C:\Program Files\Internet Explorer
2016-11-09 14:19:59 ----DC---- C:\WINDOWS\Panther
2016-11-09 14:15:05 ----D---- C:\WINDOWS\Registration
2016-11-09 13:21:57 ----D---- C:\WINDOWS\system32\MRT
2016-11-09 13:17:48 ----AC---- C:\WINDOWS\system32\MRT.exe
2016-11-08 23:06:50 ----A---- C:\WINDOWS\system32\facecredentialprovider.dll
2016-11-08 22:37:26 ----D---- C:\WINDOWS\system32\Macromed
2016-11-08 22:37:15 ----D---- C:\WINDOWS\SYSWOW64\Macromed

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-03-01 175616]
R3 NVNET;@netnvm64.inf,%NVENETFD.Service.DispName%;NVIDIA nForce Ethernet Driver; C:\WINDOWS\System32\drivers\nvmf6264.sys [2015-10-30 344192]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2000-01-01 29800]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-04-05 28216]
R3 P17;@oem6.inf,%CTAudio_Device.Dev.amd64%;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-02-05 1529856]
S2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflsh64.sys []
S3 nvvad_WaveExtensible;@oem0.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-03-21 56384]
S4 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; %windir%\system32\svchost.exe -k apphost;"ServiceDll"=%windir%\system32\inetsrv\apphostsvc.dll
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-04-05 1164856]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-03-01 26624]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-04-05 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-04-05 2522680]
R2 OneSyncSvc_249249;Hostitel synchronizace_249249; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-04-05 3634232]
R3 PimIndexMaintenanceSvc_249249;Data kontaktů_249249; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
S2 OneSyncSvc_1041e6;Hostitel synchronizace_1041e6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_11ccb9f;Hostitel synchronizace_11ccb9f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_18959ed1f;Hostitel synchronizace_18959ed1f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_1de54;Hostitel synchronizace_1de54; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_2246a;Hostitel synchronizace_2246a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_2439d;Hostitel synchronizace_2439d; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_25b244;Hostitel synchronizace_25b244; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_274dc;Hostitel synchronizace_274dc; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_27abf;Hostitel synchronizace_27abf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_3aa3e0af6;Hostitel synchronizace_3aa3e0af6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_5f04fe;Hostitel synchronizace_5f04fe; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_6594eb;Hostitel synchronizace_6594eb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [2016-10-13 329480]
S3 MessagingService_1041e6;Služba zasílání zpráv_1041e6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_11ccb9f;Služba zasílání zpráv_11ccb9f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_18959ed1f;Služba zasílání zpráv_18959ed1f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_1de54;Služba zasílání zpráv_1de54; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_2246a;Služba zasílání zpráv_2246a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_2439d;Služba zasílání zpráv_2439d; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_249249;Služba zasílání zpráv_249249; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_25b244;Služba zasílání zpráv_25b244; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_274dc;Služba zasílání zpráv_274dc; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_27abf;Služba zasílání zpráv_27abf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_3aa3e0af6;Služba zasílání zpráv_3aa3e0af6; C:\WINDOWS\system32\svchost.exe -k

[Peky]

UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_5f04fe;Služba zasílání zpráv_5f04fe; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_6594eb;Služba zasílání zpráv_6594eb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-06-05 146888]
S3 PimIndexMaintenanceSvc_1041e6;Data kontaktů_1041e6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_11ccb9f;Data kontaktů_11ccb9f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_18959ed1f;Data kontaktů_18959ed1f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_1de54;Data kontaktů_1de54; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_2246a;Data kontaktů_2246a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_2439d;Data kontaktů_2439d; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_25b244;Data kontaktů_25b244; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_274dc;Data kontaktů_274dc; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_27abf;Data kontaktů_27abf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_3aa3e0af6;Data kontaktů_3aa3e0af6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_5f04fe;Data kontaktů_5f04fe; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_6594eb;Data kontaktů_6594eb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-10-13 1459488]
S4 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-10-30 51376]

-----------------EOF-----------------
Logfile of random's system information tool 1.14 (written by random/random)
Run by jj at 2016-12-04 06:24:53
Microsoft Windows 10 Pro
System drive C: has 171 GB (72%) free of 238 GB
Total RAM: 3071 MB (46% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:25:05, on 4.12.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0672)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\jj\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe
C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Games\WargamingGameUpdater.exe
C:\Users\jj\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Users\jj\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\Program Files\trend micro\jj_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.eshield.com/general/new ... 5B3AD4}&i=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8013
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [OneDrive] "C:\Users\jj\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [UpdateAdmin] C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\jj\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\WargamingGameUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/s ... tor/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{336ccda5-3d46-468a-b8b5-10dfce35e50b}: NameServer = 82.163.143.176 82.163.142.178
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.176 82.163.142.178
O17 - HKLM\System\CS1\Services\Tcpip\..\{336ccda5-3d46-468a-b8b5-10dfce35e50b}: NameServer = 82.163.143.176 82.163.142.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.176 82.163.142.178
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9296 bytes

======Enumerating Processes======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource core
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Users\jj\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe" /RUN
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2253141340-2309542035-3164301-10005_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2253141340-2309542035-3164301-10005 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe" -c
"C:\Games\WargamingGameUpdater.exe"
"C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe"
C:\Users\jj\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
"C:\Users\jj\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\fontdrvhost.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\jj\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=54.0.2840.99 --handshake-handle=0x154
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ClientSideDetectionModel/Model0/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SignInPasswordPromo/Default/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=A6B598F670AC99D06F806037D629ECDB --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=A6B598F670AC99D06F806037D629ECDB --channel="3724.2.1564219190\975898441" --mojo-platform-channel-handle=2360 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ClientSideDetectionModel/Model0/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SignInPasswordPromo/Default/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=E4A232BC018C2E5C0EC866B5D8EB6219 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=E4A232BC018C2E5C0EC866B5D8EB6219 --channel="3724.10.104917906\2139902774" --mojo-platform-channel-handle=7100 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --ppapi-flash-args --lang=cs --device-scale-factor=1 --mojo-application-channel-token=A9FE17FD4CB401737305B9BE9EBDC3D7 --mojo-platform-channel-handle=4372 --ignored=" --type=renderer " /prefetch:3
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\System32\InstallAgent.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 620 624 632 8192 628
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetServiceDss -RestrictPrivileges -AccessKey 9AD6F51B-55E2-5E83-5A06-BB19FB2644E8 -Reinvoke
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\msfeedssync.exe sync
C:\WINDOWS\system32\wermgr.exe -upload
C:\WINDOWS\System32\sihclient.exe
C:\WINDOWS\System32\wsqmcons.exe
C:\WINDOWS\system32\compattelrunner.exe
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:wAchzcPn20y/2wlM.1
C:\Users\jj\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41161.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Users\jj\Downloads\RSITx64.exe"
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe -Embedding
C:\WINDOWS\system32\schtasks.exe /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task - C:\Users\jj\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\UpdateAdmin - C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{7E34E83C-E88E-40EE-A69A-B74A0FA3F2FA} - C:\WINDOWS\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{063790F2-F46E-4B93-A9DB-A9D514FCC90E} - C:\WINDOWS\system32\pcalua.exe -a C:\Users\jj\Downloads\neighbours-from-hell-2_1.0.exe -d C:\Users\jj\Downloads
C:\WINDOWS\system32\tasks\{7E757880-165B-FC72-3BEF-A1052CEAE97A} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\98700878\9a99cebb.dll"
C:\WINDOWS\system32\tasks\WPD\SqmUpload_S-1-5-21-2253141340-2309542035-3164301-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\WINDOWS\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - C:\WINDOWS\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\SpaceMan.exe /Repair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\StorageSense - %windir%\system32\rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://services.eshield.com/general/new ... 5B3AD4}&i="
prefs.js - "keyword.URL" - "http://search.eshield.com/serp?guid={32 ... _search&k="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
np32dsw.dll
ShockwavePlugin.class

C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\addons.json
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b}
Firefox Hello Beta - extension - loop@mozilla.org

C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions.json
Seznam lištička - extension - {ea614400-e918-4741-9a97-7a972ff7c30b} - C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Search Expanse - extension - firefox@www.searchexpanse.com - C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\firefox@www.searchexpanse.com.xpi
Firefox Hello - extension - loop@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\loop@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\pluginreg.dat
Plugin - Google Update - 1.3.31.5 - C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
Plugin - Google Earth Plugin - 7.1.7.2600 - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Plugin - Shockwave for Director - 12.2.4.194 - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll
Plugin - Shockwave Flash - 23.0.0.185 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
Plugin - Unity Player - 5.3.3.3441 - C:\Users\jj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

=========Google Chrome=========

C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bgjpfhpjcgdppjbgnpnjllokbmcdllig 1 Seznam Lištička - Email 1.3.16
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cpmnhbncebjjpeligahihhphgkkblldl 1 Online Football Manager 1
Extension dkmjljdbbgogihjcapfhgkonfmccbffp 0 eShield 1.5
Extension dogdoihocdkadpalbghcpfafbojcfofa 0 MyStart New Tab 2.14.42
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension heglpchjbjmchcmenfopoohbdibnnfap 1 Penaltovém Rozstřelu 2010 1.0
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage:
default_search_provider.search_url:
C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dogdoihocdkadpalbghcpfafbojcfofa]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-04-05 2397752]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2016-04-05 1767432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\jj\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-24 633024]
"UpdateAdmin"=C:\Users\jj\AppData\Local\UpdateAdmin\UpdateAdmin.exe [2015-09-14 237840]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2016-10-13 2860832]
"cz.seznam.software.autoupdate"=C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\jj\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"World of Tanks"=C:\Games\WargamingGameUpdater.exe [2016-09-26 3134728]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-04 06:24:54 ----D---- C:\Program Files\trend micro
2016-12-04 06:24:53 ----D---- C:\rsit
2016-11-09 18:11:26 ----ASH---- C:\swapfile.sys
2016-11-09 18:11:26 ----ASH---- C:\pagefile.sys
2016-11-09 18:10:49 ----ASH---- C:\hiberfil.sys
2016-11-08 23:38:56 ----A---- C:\WINDOWS\SYSWOW64\MSVidCtl.dll
2016-11-08 23:38:54 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-11-08 23:38:50 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2016-11-08 23:38:47 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2016-11-08 23:38:45 ----A---- C:\WINDOWS\SYSWOW64\DafPrintProvider.dll
2016-11-08 23:38:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2016-11-08 23:38:42 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-11-08 23:38:38 ----A---- C:\WINDOWS\SYSWOW64\MosStorage.dll
2016-11-08 23:38:38 ----A---- C:\WINDOWS\SYSWOW64\MosHostClient.dll
2016-11-08 23:38:38 ----A---- C:\WINDOWS\SYSWOW64\MapsBtSvc.dll
2016-11-08 23:38:38 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2016-11-08 23:38:37 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2016-11-08 23:38:37 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2016-11-08 23:38:36 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2016-11-08 23:38:36 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2016-11-08 23:38:34 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2016-11-08 23:38:29 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2016-11-08 23:38:28 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-11-08 23:38:25 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2016-11-08 23:38:22 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-11-08 23:38:18 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2016-11-08 23:38:17 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-11-08 23:38:15 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-11-08 23:38:08 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2016-11-08 23:38:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2016-11-08 23:38:06 ----A---- C:\WINDOWS\SYSWOW64\MessagingDataModel2.dll
2016-11-08 23:38:06 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2016-11-08 23:38:06 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-11-08 23:38:05 ----A---- C:\WINDOWS\system32\tquery.dll
2016-11-08 23:38:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2016-11-08 23:38:03 ----A---- C:\WINDOWS\SYSWOW64\ActiveSyncProvider.dll
2016-11-08 23:38:02 ----A---- C:\WINDOWS\SYSWOW64\CredProvDataModel.dll
2016-11-08 23:38:01 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-11-08 23:38:00 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2016-11-08 23:37:59 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2016-11-08 23:37:59 ----A---- C:\WINDOWS\system32\mssrch.dll
2016-11-08 23:37:58 ----A---- C:\WINDOWS\SYSWOW64\LockAppHost.exe
2016-11-08 23:37:57 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2016-11-08 23:37:57 ----A---- C:\WINDOWS\SYSWOW64\ContactApis.dll
2016-11-08 23:37:56 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-11-08 23:37:56 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2016-11-08 23:37:55 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2016-11-08 23:37:54 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2016-11-08 23:37:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Web.dll
2016-11-08 23:37:53 ----A---- C:\WINDOWS\SYSWOW64\CertEnroll.dll
2016-11-08 23:37:52 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2016-11-08 23:37:51 ----A---- C:\WINDOWS\SYSWOW64\AppointmentApis.dll
2016-11-08 23:37:50 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2016-11-08 23:37:49 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-11-08 23:37:48 ----A---- C:\WINDOWS\SYSWOW64\Taskmgr.exe
2016-11-08 23:37:48 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2016-11-08 23:37:47 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2016-11-08 23:37:47 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2016-11-08 23:37:47 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2016-11-08 23:37:46 ----A---- C:\WINDOWS\SYSWOW64\twinapi.appcore.dll
2016-11-08 23:37:46 ----A---- C:\WINDOWS\SYSWOW64\prnfldr.dll
2016-11-08 23:37:46 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-11-08 23:37:46 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2016-11-08 23:37:45 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-11-08 23:37:45 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2016-11-08 23:37:44 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2016-11-08 23:37:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.Graphics.Printing.3D.dll
2016-11-08 23:37:43 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2016-11-08 23:37:42 ----A---- C:\WINDOWS\SYSWOW64\RemoteNaturalLanguage.dll
2016-11-08 23:37:42 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2016-11-08 23:37:40 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2016-11-08 23:37:39 ----A---- C:\WINDOWS\SYSWOW64\propsys.dll
2016-11-08 23:37:37 ----A---- C:\WINDOWS\SYSWOW64\mstsc.exe
2016-11-08 23:37:36 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-11-08 23:37:35 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2016-11-08 23:37:35 ----A---- C:\WINDOWS\SYSWOW64\UIAnimation.dll
2016-11-08 23:37:35 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2016-11-08 23:37:35 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-11-08 23:37:34 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2016-11-08 23:37:34 ----A---- C:\WINDOWS\SYSWOW64\msftedit.dll
2016-11-08 23:37:34 ----A---- C:\WINDOWS\system32\SIHClient.exe
2016-11-08 23:37:31 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2016-11-08 23:37:31 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-11-08 23:37:30 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2016-11-08 23:37:30 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2016-11-08 23:37:29 ----A---- C:\WINDOWS\SYSWOW64\SHCore.dll
2016-11-08 23:37:29 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2016-11-08 23:37:29 ----A---- C:\WINDOWS\SYSWOW64\mmc.exe
2016-11-08 23:37:28 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2016-11-08 23:37:27 ----A---- C:\WINDOWS\system32\drivers\usbd.sys
2016-11-08 23:37:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Speech.dll
2016-11-08 23:37:25 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2016-11-08 23:37:24 ----A---- C:\WINDOWS\SYSWOW64\wlanapi.dll
2016-11-08 23:37:24 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2016-11-08 23:37:24 ----A---- C:\WINDOWS\SYSWOW64\MrmCoreR.dll
2016-11-08 23:37:23 ----A---- C:\WINDOWS\SYSWOW64\input.dll
2016-11-08 23:37:21 ----A---- C:\WINDOWS\SYSWOW64\WSShared.dll
2016-11-08 23:37:21 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2016-11-08 23:37:20 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2016-11-08 23:37:20 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2016-11-08 23:37:19 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2016-11-08 23:37:19 ----A---- C:\WINDOWS\system32\drivers\usbport.sys
2016-11-08 23:37:18 ----A---- C:\WINDOWS\SYSWOW64\mmcndmgr.dll
2016-11-08 23:37:17 ----A---- C:\WINDOWS\SYSWOW64\wdc.dll
2016-11-08 23:37:15 ----A---- C:\WINDOWS\SYSWOW64\WMPDMC.exe
2016-11-08 23:37:15 ----A---- C:\WINDOWS\SYSWOW64\NPSM.dll
2016-11-08 23:37:15 ----A---- C:\WINDOWS\SYSWOW64\GlobCollationHost.dll
2016-11-08 23:37:14 ----A---- C:\WINDOWS\SYSWOW64\wsecedit.dll
2016-11-08 23:37:14 ----A---- C:\WINDOWS\SYSWOW64\Display.dll
2016-11-08 23:37:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2016-11-08 23:37:13 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2016-11-08 23:37:12 ----A---- C:\WINDOWS\SYSWOW64\wininetlui.dll
2016-11-08 23:37:12 ----A---- C:\WINDOWS\SYSWOW64\filemgmt.dll
2016-11-08 23:37:11 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2016-11-08 23:37:11 ----A---- C:\WINDOWS\SYSWOW64\PhoneOm.dll
2016-11-08 23:37:10 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-08 23:37:09 ----A---- C:\WINDOWS\SYSWOW64\mbsmsapi.dll
2016-11-08 23:37:07 ----A---- C:\WINDOWS\SYSWOW64\SearchFolder.dll
2016-11-08 23:37:07 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2016-11-08 23:37:06 ----A---- C:\WINDOWS\SYSWOW64\MbaeApiPublic.dll
2016-11-08 23:37:05 ----A---- C:\WINDOWS\SYSWOW64\certreq.exe
2016-11-08 23:37:00 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2016-11-08 23:36:59 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2016-11-08 23:36:59 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2016-11-08 23:36:58 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2016-11-08 23:36:57 ----A---- C:\WINDOWS\SYSWOW64\UXInit.dll
2016-11-08 23:36:57 ----A---- C:\WINDOWS\SYSWOW64\rasgcw.dll
2016-11-08 23:36:56 ----A---- C:\WINDOWS\SYSWOW64\UserLanguagesCpl.dll
2016-11-08 23:36:56 ----A---- C:\WINDOWS\SYSWOW64\rasdlg.dll
2016-11-08 23:36:56 ----A---- C:\WINDOWS\SYSWOW64\netshell.dll
2016-11-08 23:36:55 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.BackgroundTransfer.dll
2016-11-08 23:36:55 ----A---- C:\WINDOWS\SYSWOW64\SCardDlg.dll
2016-11-08 23:36:55 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2016-11-08 23:36:55 ----A---- C:\WINDOWS\SYSWOW64\asycfilt.dll
2016-11-08 23:36:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Import.dll
2016-11-08 23:36:54 ----A---- C:\WINDOWS\SYSWOW64\OneDriveSettingSyncProvider.dll
2016-11-08 23:36:54 ----A---- C:\WINDOWS\SYSWOW64\oemlicense.dll
2016-11-08 23:36:53 ----A---- C:\WINDOWS\SYSWOW64\wvc.dll
2016-11-08 23:36:53 ----A---- C:\WINDOWS\SYSWOW64\themecpl.dll
2016-11-08 23:36:52 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2016-11-08 23:36:51 ----A---- C:\WINDOWS\SYSWOW64\WlanMM.dll
2016-11-08 23:36:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.Search.dll
2016-11-08 23:36:49 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Editing.dll
2016-11-08 23:36:49 ----A---- C:\WINDOWS\SYSWOW64\hgcpl.dll
2016-11-08 23:36:49 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2016-11-08 23:36:49 ----A---- C:\WINDOWS\system32\mssprxy.dll
2016-11-08 23:36:47 ----A---- C:\WINDOWS\SYSWOW64\SmartcardCredentialProvider.dll
2016-11-08 23:36:47 ----A---- C:\WINDOWS\SYSWOW64\objsel.dll
2016-11-08 23:36:47 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2016-11-08 23:36:46 ----A---- C:\WINDOWS\SYSWOW64\wcnwiz.dll
2016-11-08 23:36:46 ----A---- C:\WINDOWS\SYSWOW64\dui70.dll
2016-11-08 23:36:45 ----A---- C:\WINDOWS\SYSWOW64\PlayToManager.dll
2016-11-08 23:36:45 ----A---- C:\WINDOWS\system32\drivers\HdAudio.sys
2016-11-08 23:36:44 ----A---- C:\WINDOWS\SYSWOW64\WSSync.dll
2016-11-08 23:36:44 ----A---- C:\WINDOWS\SYSWOW64\WLanConn.dll
2016-11-08 23:36:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.AccountsControl.dll
2016-11-08 23:36:44 ----A---- C:\WINDOWS\SYSWOW64\azroleui.dll
2016-11-08 23:36:43 ----A---- C:\WINDOWS\SYSWOW64\NPSMDesktopProvider.dll
2016-11-08 23:36:43 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2016-11-08 23:36:43 ----A---- C:\WINDOWS\system32\drivers\hdaudbus.sys
2016-11-08 23:36:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-08 23:36:41 ----A---- C:\WINDOWS\SYSWOW64\licensingdiag.exe
2016-11-08 23:36:41 ----A---- C:\WINDOWS\SYSWOW64\dot3ui.dll
2016-11-08 23:36:39 ----A---- C:\WINDOWS\system32\drivers\BthAvrcpTg.sys
2016-11-08 23:36:38 ----A---- C:\WINDOWS\SYSWOW64\IdCtrls.dll
2016-11-08 23:36:38 ----A---- C:\WINDOWS\SYSWOW64\GamePanel.exe
2016-11-08 23:36:38 ----A---- C:\WINDOWS\SYSWOW64\apprepsync.dll
2016-11-08 23:36:38 ----A---- C:\WINDOWS\SYSWOW64\apprepapi.dll
2016-11-08 23:36:37 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2016-11-08 23:36:33 ----A---- C:\WINDOWS\SYSWOW64\odbcconf.dll
2016-11-08 23:36:26 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2016-11-08 23:36:26 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2016-11-08 23:35:57 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2016-11-08 23:35:57 ----A---- C:\WINDOWS\system32\WWAHost.exe
2016-11-08 23:35:54 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2016-11-08 23:35:53 ----A---- C:\WINDOWS\system32\Pimstore.dll
2016-11-08 23:35:52 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2016-11-08 23:35:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2016-11-08 23:35:46 ----A---- C:\WINDOWS\system32\SpeechPal.dll
2016-11-08 23:35:44 ----A---- C:\WINDOWS\system32\wmpmde.dll
2016-11-08 23:35:44 ----A---- C:\WINDOWS\system32\CertEnroll.dll
2016-11-08 23:35:43 ----A---- C:\WINDOWS\system32\winmde.dll
2016-11-08 23:35:43 ----A---- C:\WINDOWS\system32\ContactApis.dll
2016-11-08 23:35:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-11-08 23:35:42 ----A---- C:\WINDOWS\system32\twinapi.appcore.dll
2016-11-08 23:35:41 ----A---- C:\WINDOWS\system32\mstsc.exe
2016-11-08 23:35:40 ----A---- C:\WINDOWS\system32\PortableDeviceApi.dll
2016-11-08 23:35:40 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2016-11-08 23:35:39 ----A---- C:\WINDOWS\system32\UserDataService.dll
2016-11-08 23:35:39 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-11-08 23:35:38 ----A---- C:\WINDOWS\system32\wpdshext.dll
2016-11-08 23:35:38 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-11-08 23:35:37 ----A---- C:\WINDOWS\SYSWOW64\PortableDeviceApi.dll
2016-11-08 23:35:37 ----A---- C:\WINDOWS\system32\EmailApis.dll
2016-11-08 23:35:36 ----A---- C:\WINDOWS\system32\ubpm.dll
2016-11-08 23:35:36 ----A---- C:\WINDOWS\system32\ChatApis.dll
2016-11-08 23:35:35 ----A---- C:\WINDOWS\system32\UIAnimation.dll
2016-11-08 23:35:35 ----A---- C:\WINDOWS\system32\sppsvc.exe
2016-11-08 23:35:32 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-11-08 23:35:32 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-11-08 23:35:31 ----A---- C:\WINDOWS\system32\wups.dll
2016-11-08 23:35:31 ----A---- C:\WINDOWS\system32\TpmTasks.dll
2016-11-08 23:35:31 ----A---- C:\WINDOWS\system32\sdengin2.dll
2016-11-08 23:35:30 ----A---- C:\WINDOWS\system32\WebcamUi.dll
2016-11-08 23:35:29 ----A---- C:\WINDOWS\system32\wuuhext.dll
2016-11-08 23:35:29 ----A---- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2016-11-08 23:35:28 ----A---- C:\WINDOWS\SYSWOW64\WebcamUi.dll
2016-11-08 23:35:28 ----A---- C:\WINDOWS\SYSWOW64\PortableDeviceConnectApi.dll
2016-11-08 23:35:28 ----A---- C:\WINDOWS\system32\PortableDeviceConnectApi.dll
2016-11-08 23:35:27 ----A---- C:\WINDOWS\system32\WalletService.dll
2016-11-08 23:35:27 ----A---- C:\WINDOWS\system32\StikyNot.exe
2016-11-08 23:35:27 ----A---- C:\WINDOWS\system32\AppointmentApis.dll
2016-11-08 23:35:26 ----A---- C:\WINDOWS\SYSWOW64\PortableDeviceClassExtension.dll
2016-11-08 23:35:26 ----A---- C:\WINDOWS\system32\RADCUI.dll
2016-11-08 23:35:26 ----A---- C:\WINDOWS\system32\racpldlg.dll
2016-11-08 23:35:25 ----A---- C:\WINDOWS\system32\Windows.Graphics.dll
2016-11-08 23:35:24 ----A---- C:\WINDOWS\system32\usocore.dll
2016-11-08 23:35:22 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2016-11-08 23:35:20 ----A---- C:\WINDOWS\system32\NMAA.dll
2016-11-08 23:35:19 ----A---- C:\WINDOWS\system32\MapsStore.dll
2016-11-08 23:35:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2016-11-08 23:35:19 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2016-11-08 23:35:15 ----A---- C:\WINDOWS\system32\mos.dll
2016-11-08 23:35:13 ----A---- C:\WINDOWS\system32\BingMaps.dll
2016-11-08 23:35:11 ----A---- C:\WINDOWS\system32\shell32.dll
2016-11-08 23:35:09 ----A---- C:\WINDOWS\SYSWOW64\wmpeffects.dll
2016-11-08 23:35:08 ----A---- C:\WINDOWS\system32\wmpeffects.dll
2016-11-08 23:35:07 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2016-11-08 23:35:04 ----A---- C:\WINDOWS\system32\wmp.dll
2016-11-08 23:34:58 ----A---- C:\WINDOWS\system32\windows.storage.dll
2016-11-08 23:34:57 ----A---- C:\WINDOWS\system32\WpcMon.exe
2016-11-08 23:34:56 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2016-11-08 23:34:55 ----A---- C:\WINDOWS\system32\Wpc.dll
2016-11-08 23:34:52 ----A---- C:\WINDOWS\system32\MosHostClient.dll
2016-11-08 23:34:52 ----A---- C:\WINDOWS\system32\mapsupdatetask.dll
2016-11-08 23:34:52 ----A---- C:\WINDOWS\system32\MapsCSP.dll
2016-11-08 23:34:52 ----A---- C:\WINDOWS\system32\MapsBtSvc.dll
2016-11-08 23:34:51 ----A---- C:\WINDOWS\system32\MosStorage.dll
2016-11-08 23:34:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2016-11-08 23:34:51 ----A---- C:\WINDOWS\system32\moshost.dll
2016-11-08 23:34:51 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-08 23:34:50 ----A---- C:\WINDOWS\system32\mmc.exe
2016-11-08 23:34:48 ----A---- C:\WINDOWS\SYSWOW64\Wpc.dll
2016-11-08 23:34:48 ----A---- C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-11-08 23:34:47 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2016-11-08 23:34:47 ----A---- C:\WINDOWS\system32\PrintDialogs3D.dll
2016-11-08 23:34:46 ----A---- C:\WINDOWS\system32\WpcWebSync.dll
2016-11-08 23:34:45 ----A---- C:\WINDOWS\system32\mfsvr.dll
2016-11-08 23:34:45 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-11-08 23:34:44 ----A---- C:\WINDOWS\SYSWOW64\WMVCORE.DLL
2016-11-08 23:34:44 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2016-11-08 23:34:43 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-11-08 23:34:41 ----A---- C:\WINDOWS\system32\msi.dll
2016-11-08 23:34:40 ----A---- C:\WINDOWS\system32\prnfldr.dll
2016-11-08 23:34:40 ----A---- C:\WINDOWS\system32\MbaeApiPublic.dll
2016-11-08 23:34:39 ----A---- C:\WINDOWS\system32\WMNetMgr.dll
2016-11-08 23:34:38 ----A---- C:\WINDOWS\system32\WindowsCodecsRaw.dll
2016-11-08 23:34:34 ----A---- C:\WINDOWS\system32\Windows.Web.dll
2016-11-08 23:34:33 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-11-08 23:34:32 ----A---- C:\WINDOWS\system32\wmpps.dll
2016-11-08 23:34:32 ----A---- C:\WINDOWS\system32\usercpl.dll
2016-11-08 23:34:32 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-11-08 23:34:31 ----A---- C:\WINDOWS\system32\Windows.Media.Import.dll
2016-11-08 23:34:31 ----A---- C:\WINDOWS\system32\PlayToManager.dll
2016-11-08 23:34:31 ----A---- C:\WINDOWS\system32\PhotoScreensaver.scr
2016-11-08 23:34:30 ----A---- C:\WINDOWS\system32\Windows.Storage.Search.dll
2016-11-08 23:34:29 ----A---- C:\WINDOWS\system32\dbgeng.dll
2016-11-08 23:34:28 ----A---- C:\WINDOWS\SYSWOW64\WMNetMgr.dll
2016-11-08 23:34:27 ----A---- C:\WINDOWS\system32\wmdrmdev.dll
2016-11-08 23:34:27 ----A---- C:\WINDOWS\system32\mfcore.dll
2016-11-08 23:34:27 ----A---- C:\WINDOWS\system32\mbsmsapi.dll
2016-11-08 23:34:26 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-11-08 23:34:26 ----A---- C:\WINDOWS\system32\PrintDialogs.dll
2016-11-08 23:34:26 ----A---- C:\WINDOWS\system32\mfps.dll
2016-11-08 23:34:25 ----A---- C:\WINDOWS\system32\ntshrui.dll
2016-11-08 23:34:25 ----A---- C:\WINDOWS\system32\localspl.dll
2016-11-08 23:34:23 ----A---- C:\WINDOWS\SYSWOW64\wmdrmsdk.dll
2016-11-08 23:34:23 ----A---- C:\WINDOWS\system32\wpncore.dll
2016-11-08 23:34:23 ----A---- C:\WINDOWS\system32\pmcsnap.dll
2016-11-08 23:34:22 ----A---- C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-11-08 23:34:22 ----A---- C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-11-08 23:34:21 ----A---- C:\WINDOWS\system32\wlansvc.dll
2016-11-08 23:34:20 ----A---- C:\WINDOWS\SYSWOW64\PhotoScreensaver.scr
2016-11-08 23:34:20 ----A---- C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-08 23:34:18 ----A---- C:\WINDOWS\system32\wmdrmsdk.dll
2016-11-08 23:34:17 ----A---- C:\WINDOWS\system32\rasgcw.dll
2016-11-08 23:34:17 ----A---- C:\WINDOWS\system32\cscui.dll
2016-11-08 23:34:16 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-11-08 23:34:16 ----A---- C:\WINDOWS\system32\wcnwiz.dll
2016-11-08 23:34:15 ----A---- C:\WINDOWS\system32\netcenter.dll
2016-11-08 23:34:13 ----A---- C:\WINDOWS\system32\wlanui.dll
2016-11-08 23:34:12 ----A---- C:\WINDOWS\system32\WLanConn.dll
2016-11-08 23:34:11 ----A---- C:\WINDOWS\system32\msdrm.dll
2016-11-08 23:34:11 ----A---- C:\WINDOWS\system32\IKEEXT.DLL
2016-11-08 23:34:10 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-08 23:34:10 ----A---- C:\WINDOWS\system32\mqsnap.dll
2016-11-08 23:34:10 ----A---- C:\WINDOWS\system32\LegacyNetUXHost.exe
2016-11-08 23:34:09 ----A---- C:\WINDOWS\SYSWOW64\WpcWebFilter.dll
2016-11-08 23:34:09 ----A---- C:\WINDOWS\system32\WpcWebFilter.dll
2016-11-08 23:34:09 ----A---- C:\WINDOWS\system32\odbcconf.dll
2016-11-08 23:34:09 ----A---- C:\WINDOWS\system32\MBMediaManager.dll
2016-11-08 23:34:08 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-11-08 23:34:08 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-11-08 23:34:08 ----A---- C:\WINDOWS\system32\drivers\genericusbfn.sys
2016-11-08 23:34:00 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-11-08 23:33:58 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-11-08 23:33:55 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-11-08 23:33:55 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2016-11-08 23:33:54 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2016-11-08 23:33:51 ----A---- C:\WINDOWS\system32\WWanAPI.dll
2016-11-08 23:33:51 ----A---- C:\WINDOWS\system32\diagtrack.dll
2016-11-08 23:33:48 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-11-08 23:33:45 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-11-08 23:33:44 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-11-08 23:33:43 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-11-08 23:33:39 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-11-08 23:33:39 ----A---- C:\WINDOWS\system32\CredProvDataModel.dll
2016-11-08 23:33:38 ----A---- C:\WINDOWS\system32\PhoneService.dll
2016-11-08 23:33:36 ----A---- C:\WINDOWS\system32\wininet.dll
2016-11-08 23:33:35 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-11-08 23:33:33 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-11-08 23:33:28 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-11-08 23:33:26 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-11-08 23:33:25 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-11-08 23:33:19 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 23:33:17 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-11-08 23:33:13 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-11-08 23:33:11 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-11-08 23:33:10 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2016-11-08 23:33:07 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-08 23:33:06 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-11-08 23:33:04 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-11-08 23:33:03 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-11-08 23:33:02 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2016-11-08 23:33:01 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-11-08 23:32:48 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-11-08 23:32:46 ----A---- C:\WINDOWS\system32\qmgr.dll
2016-11-08 23:32:44 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2016-11-08 23:32:44 ----A---- C:\WINDOWS\system32\DafPrintProvider.dll
2016-11-08 23:32:42 ----A---- C:\WINDOWS\system32\crypt32.dll
2016-11-08 23:32:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2016-11-08 23:32:40 ----A---- C:\WINDOWS\system32\combase.dll
2016-11-08 23:32:39 ----A---- C:\WINDOWS\system32\winload.exe
2016-11-08 23:32:38 ----A---- C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-11-08 23:32:38 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2016-11-08 23:32:37 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-08 23:32:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2016-11-08 23:32:35 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2016-11-08 23:32:35 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 23:32:33 ----A---- C:\WINDOWS\system32\ole32.dll
2016-11-08 23:32:33 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-11-08 23:32:31 ----A---- C:\WINDOWS\system32\drivers\mup.sys
2016-11-08 23:32:30 ----A---- C:\WINDOWS\system32\SettingSync.dll
2016-11-08 23:32:30 ----A---- C:\WINDOWS\system32\MrmCoreR.dll
2016-11-08 23:32:29 ----A---- C:\WINDOWS\system32\WMPDMC.exe
2016-11-08 23:32:29 ----A---- C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-11-08 23:32:29 ----A---- C:\WINDOWS\system32\UserLanguagesCpl.dll
2016-11-08 23:32:29 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-08 23:32:28 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2016-11-08 23:32:28 ----A---- C:\WINDOWS\system32\drivers\bowser.sys
2016-11-08 23:32:27 ----A---- C:\WINDOWS\system32\WSShared.dll
2016-11-08 23:32:27 ----A---- C:\WINDOWS\system32\MiracastReceiver.dll
2016-11-08 23:32:26 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-11-08 23:32:26 ----A---- C:\WINDOWS\system32\PhoneOm.dll
2016-11-08 23:32:25 ----A---- C:\WINDOWS\system32\workfolderssvc.dll
2016-11-08 23:32:25 ----A---- C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-11-08 23:32:25 ----A---- C:\WINDOWS\system32\dxtrans.dll
2016-11-08 23:32:24 ----A---- C:\WINDOWS\system32\WSService.dll
2016-11-08 23:32:23 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2016-11-08 23:32:23 ----A---- C:\WINDOWS\system32\DMRServer.dll
2016-11-08 23:32:23 ----A---- C:\WINDOWS\system32\asycfilt.dll
2016-11-08 23:32:22 ----A---- C:\WINDOWS\system32\netcfgx.dll
2016-11-08 23:32:22 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 23:32:21 ----A---- C:\WINDOWS\system32\SearchFolder.dll
2016-11-08 23:32:20 ----A---- C:\WINDOWS\system32\wininetlui.dll
2016-11-08 23:32:20 ----A---- C:\WINDOWS\system32\netman.dll
2016-11-08 23:32:19 ----A---- C:\WINDOWS\system32\wvc.dll
2016-11-08 23:32:19 ----A---- C:\WINDOWS\system32\LogonController.dll
2016-11-08 23:32:18 ----A---- C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-11-08 23:32:18 ----A---- C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2016-11-08 23:32:18 ----A---- C:\WINDOWS\system32\SRH.dll
2016-11-08 23:32:17 ----A---- C:\WINDOWS\system32\wwansvc.dll
2016-11-08 23:32:17 ----A---- C:\WINDOWS\system32\ConhostV2.dll
2016-11-08 23:32:17 ----A---- C:\WINDOWS\system32\AppxApplicabilityEngine.dll
2016-11-08 23:32:15 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2016-11-08 23:32:15 ----A---- C:\WINDOWS\system32\ListSvc.dll
2016-11-08 23:32:14 ----A---- C:\WINDOWS\system32\netshell.dll
2016-11-08 23:32:13 ----A---- C:\WINDOWS\system32\wwanmm.dll
2016-11-08 23:32:13 ----A---- C:\WINDOWS\system32\wdc.dll
2016-11-08 23:32:12 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2016-11-08 23:32:12 ----A---- C:\WINDOWS\system32\werconcpl.dll
2016-11-08 23:32:11 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2016-11-08 23:32:11 ----A---- C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2016-11-08 23:32:10 ----A---- C:\WINDOWS\system32\wwanconn.dll
2016-11-08 23:32:10 ----A---- C:\WINDOWS\system32\WUDFPlatform.dll
2016-11-08 23:32:10 ----A---- C:\WINDOWS\system32\WFS.exe
2016-11-08 23:32:10 ----A---- C:\WINDOWS\system32\pnidui.dll
2016-11-08 23:32:09 ----A---- C:\WINDOWS\system32\wpr.exe
2016-11-08 23:32:09 ----A---- C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2016-11-08 23:32:08 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2016-11-08 23:32:08 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-08 23:32:08 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2016-11-08 23:32:08 ----A---- C:\WINDOWS\system32\bisrv.dll
2016-11-08 23:32:07 ----A---- C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-11-08 23:32:07 ----A---- C:\WINDOWS\system32\webcheck.dll
2016-11-08 23:32:07 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2016-11-08 23:32:06 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2016-11-08 23:32:06 ----A---- C:\WINDOWS\system32\iepeers.dll
2016-11-08 23:32:05 ----A---- C:\WINDOWS\system32\WSSync.dll
2016-11-08 23:32:05 ----A---- C:\WINDOWS\system32\PlayToReceiver.dll
2016-11-08 23:32:05 ----A---- C:\WINDOWS\system32\credprovs.dll
2016-11-08 23:32:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\mshtmled.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\dot3ui.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\domgmt.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\CellularAPI.dll
2016-11-08 23:32:04 ----A---- C:\WINDOWS\system32\aadtb.dll
2016-11-08 23:31:57 ----A---- C:\WINDOWS\system32\ApplicationFrame.dll
2016-11-08 23:31:56 ----A---- C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 23:31:56 ----A---- C:\WINDOWS\system32\d2d1.dll
2016-11-08 23:31:54 ----A---- C:\WINDOWS\system32\winhttp.dll
2016-11-08 23:31:52 ----A---- C:\WINDOWS\system32\twinui.dll
2016-11-08 23:31:49 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-11-08 23:31:49 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-11-08 23:31:49 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-11-08 23:31:48 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-11-08 23:31:46 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-11-08 23:31:43 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-11-08 23:31:43 ----A---- C:\WINDOWS\system32\msctf.dll
2016-11-08 23:31:41 ----A---- C:\WINDOWS\system32\fveapibase.dll
2016-11-08 23:31:40 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-11-08 23:31:40 ----A---- C:\WINDOWS\system32\fveapi.dll
2016-11-08 23:31:38 ----A---- C:\WINDOWS\SYSWOW64\UIRibbon.dll
2016-11-08 23:31:38 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2016-11-08 23:31:37 ----A---- C:\WINDOWS\system32\MessagingDataModel2.dll
2016-11-08 23:31:36 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-08 23:31:35 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-11-08 23:31:34 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-08 23:31:33 ----A---- C:\WINDOWS\system32\diagtrack_win.dll
2016-11-08 23:31:32 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-08 23:31:31 ----A---- C:\WINDOWS\system32\winresume.exe
2016-11-08 23:31:30 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2016-11-08 23:31:29 ----A---- C:\WINDOWS\system32\UIRibbon.dll
2016-11-08 23:31:29 ----A---- C:\WINDOWS\system32\LockAppHost.exe
2016-11-08 23:31:28 ----A---- C:\WINDOWS\system32\comdlg32.dll
2016-11-08 23:31:26 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-08 23:31:26 ----A---- C:\WINDOWS\explorer.exe
2016-11-08 23:31:24 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-08 23:31:23 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-11-08 23:31:22 ----A---- C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-11-08 23:31:21 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-11-08 23:31:21 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2016-11-08 23:31:21 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-11-08 23:31:20 ----A---- C:\WINDOWS\system32\audiosrv.dll
2016-11-08 23:31:19 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2016-11-08 23:31:19 ----A---- C:\WINDOWS\system32\atmfd.dll
2016-11-08 23:31:17 ----A---- C:\WINDOWS\system32\Taskmgr.exe
2016-11-08 23:31:16 ----A---- C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-11-08 23:31:16 ----A---- C:\WINDOWS\system32\NgcCtnrGidsHandler.dll
2016-11-08 23:31:15 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-08 23:31:15 ----A---- C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-08 23:31:13 ----A---- C:\WINDOWS\system32\wintrust.dll
2016-11-08 23:31:13 ----A---- C:\WINDOWS\system32\authui.dll
2016-11-08 23:31:12 ----A---- C:\WINDOWS\system32\propsys.dll
2016-11-08 23:31:11 ----A---- C:\WINDOWS\system32\wsecedit.dll
2016-11-08 23:31:11 ----A---- C:\WINDOWS\system32\ShareHost.dll
2016-11-08 23:31:11 ----A---- C:\WINDOWS\system32\GamePanel.exe
2016-11-08 23:31:10 ----A---- C:\WINDOWS\system32\RDXService.dll
2016-11-08 23:31:10 ----A---- C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-08 23:31:10 ----A---- C:\WINDOWS\system32\DXP.dll
2016-11-08 23:31:09 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 23:31:09 ----A---- C:\WINDOWS\system32\HttpsDataSource.dll
2016-11-08 23:31:08 ----A---- C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-11-08 23:31:08 ----A---- C:\WINDOWS\system32\SHCore.dll
2016-11-08 23:31:07 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-11-08 23:31:07 ----A---- C:\WINDOWS\system32\internetmail.dll
2016-11-08 23:31:07 ----A---- C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-08 23:31:06 ----A---- C:\WINDOWS\system32\ClipUp.exe
2016-11-08 23:31:06 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2016-11-08 23:31:05 ----A---- C:\WINDOWS\system32\wldp.dll
2016-11-08 23:31:05 ----A---- C:\WINDOWS\system32\vss_ps.dll
2016-11-08 23:31:05 ----A---- C:\WINDOWS\system32\RDXTaskFactory.dll
2016-11-08 23:31:05 ----A---- C:\WINDOWS\system32\input.dll
2016-11-08 23:31:04 ----A---- C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-11-08 23:31:04 ----A---- C:\WINDOWS\system32\phoneactivate.exe
2016-11-08 23:31:04 ----A---- C:\WINDOWS\system32\NPSM.dll
2016-11-08 23:31:04 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2016-11-08 23:31:03 ----A---- C:\WINDOWS\system32\sppwinob.dll
2016-11-08 23:31:03 ----A---- C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-11-08 23:31:03 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2016-11-08 23:31:02 ----A---- C:\WINDOWS\system32\sppobjs.dll
2016-11-08 23:31:01 ----A---- C:\WINDOWS\system32\gameux.dll
2016-11-08 23:31:00 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-08 23:31:00 ----A---- C:\WINDOWS\system32\pcasvc.dll
2016-11-08 23:30:59 ----A---- C:\WINDOWS\system32\wbengine.exe
2016-11-08 23:30:59 ----A---- C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-08 23:30:59 ----A---- C:\WINDOWS\system32\AppReadiness.dll
2016-11-08 23:30:54 ----A---- C:\WINDOWS\system32\themecpl.dll
2016-11-08 23:30:53 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2016-11-08 23:30:53 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2016-11-08 23:30:52 ----A---- C:\WINDOWS\system32\SharedStartModel.dll
2016-11-08 23:30:52 ----A---- C:\WINDOWS\system32\reseteng.dll
2016-11-08 23:30:51 ----A---- C:\WINDOWS\system32\twinapi.dll
2016-11-08 23:30:51 ----A---- C:\WINDOWS\system32\syncutil.dll
2016-11-08 23:30:51 ----A---- C:\WINDOWS\system32\SCardDlg.dll
2016-11-08 23:30:51 ----A---- C:\WINDOWS\system32\certprop.dll
2016-11-08 23:30:50 ----A---- C:\WINDOWS\system32\UXInit.dll
2016-11-08 23:30:50 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2016-11-08 23:30:50 ----A---- C:\WINDOWS\system32\ExecModelClient.dll
2016-11-08 23:30:50 ----A---- C:\WINDOWS\system32\certreq.exe
2016-11-08 23:30:49 ----A---- C:\WINDOWS\system32\msftedit.dll
2016-11-08 23:30:49 ----A---- C:\WINDOWS\system32\hgcpl.dll
2016-11-08 23:30:48 ----A---- C:\WINDOWS\system32\cryptui.dll
2016-11-08 23:30:48 ----A---- C:\WINDOWS\system32\APHostService.dll
2016-11-08 23:30:47 ----A---- C:\WINDOWS\system32\fhsvc.dll
2016-11-08 23:30:46 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-08 23:30:46 ----A---- C:\WINDOWS\system32\themeui.dll
2016-11-08 23:30:45 ----A---- C:\WINDOWS\system32\dui70.dll
2016-11-08 23:30:45 ----A---- C:\WINDOWS\system32\certcli.dll
2016-11-08 23:30:45 ----A---- C:\WINDOWS\system32\AdmTmpl.dll
2016-11-08 23:30:44 ----A---- C:\WINDOWS\SYSWOW64\AdmTmpl.dll
2016-11-08 23:30:44 ----A---- C:\WINDOWS\system32\oemlicense.dll
2016-11-08 23:30:44 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2016-11-08 23:30:43 ----A---- C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2016-11-08 23:30:43 ----A---- C:\WINDOWS\system32\Display.dll
2016-11-08 23:30:42 ----A---- C:\WINDOWS\system32\msctfp.dll
2016-11-08 23:30:42 ----A---- C:\WINDOWS\system32\Dxpserver.exe
2016-11-08 23:30:40 ----A---- C:\WINDOWS\system32\zipfldr.dll
2016-11-08 23:30:40 ----A---- C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-11-08 23:30:40 ----A---- C:\WINDOWS\system32\NPSMDesktopProvider.dll
2016-11-08 23:30:40 ----A---- C:\WINDOWS\system32\ActivationManager.dll
2016-11-08 23:30:39 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2016-11-08 23:30:39 ----A---- C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-11-08 23:30:39 ----A---- C:\WINDOWS\system32\edputil.dll
2016-11-08 23:30:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\licensingdiag.exe
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\FingerprintEnrollment.dll
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\drivers\scfilter.sys
2016-11-08 23:30:36 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\winsrv.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\UIRibbonRes.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\apprepsync.dll
2016-11-08 23:30:35 ----A---- C:\WINDOWS\system32\apprepapi.dll
2016-11-08 23:30:34 ----A---- C:\WINDOWS\SYSWOW64\UIRibbonRes.dll
2016-11-08 23:30:34 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2016-11-08 23:30:33 ----A---- C:\WINDOWS\system32\sud.dll
2016-11-08 23:30:32 ----A---- C:\WINDOWS\system32\atmlib.dll

======List of files/folders modified in the last 1 month======

2016-12-04 06:25:17 ----D---- C:\WINDOWS\AppReadiness
2016-12-04 06:25:06 ----D---- C:\WINDOWS\Prefetch
2016-12-04 06:24:59 ----HD---- C:\Program Files\WindowsApps
2016-12-04 06:24:54 ----RD---- C:\Program Files
2016-12-04 06:24:50 ----D---- C:\WINDOWS\Temp
2016-12-04 06:24:05 ----D---- C:\WINDOWS\system32\sru
2016-12-04 06:22:39 ----AD---- C:\Program Files (x86)\Steam
2016-12-01 06:05:55 ----D---- C:\Windows
2016-12-01 06:05:52 ----D---- C:\Users\jj\AppData\Roaming\MPC-HC
2016-12-01 06:04:20 ----D---- C:\Users\jj\AppData\Roaming\Seznam.cz
2016-12-01 06:00:04 ----D---- C:\WINDOWS\INF
2016-11-14 18:08:05 ----D---- C:\WINDOWS\Logs
2016-11-14 18:08:05 ----D---- C:\WINDOWS\debug
2016-11-14 18:08:04 ----D---- C:\WINDOWS\Minidump
2016-11-14 14:16:41 ----D---- C:\WINDOWS\System32
2016-11-14 14:16:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-14 13:56:55 ----AD---- C:\KMPlayer
2016-11-12 16:56:20 ----D---- C:\WINDOWS\Microsoft.NET
2016-11-11 19:50:35 ----D---- C:\WINDOWS\system32\config
2016-11-11 17:22:03 ----D---- C:\ProgramData\{1446b617-412c-1}
2016-11-10 19:42:40 ----D---- C:\WINDOWS\WinSxS
2016-11-10 19:36:35 ----D---- C:\WINDOWS\CbsTemp
2016-11-10 19:36:31 ----D---- C:\WINDOWS\system32\appraiser
2016-11-10 13:55:05 ----D---- C:\Games
2016-11-09 21:43:46 ----D---- C:\WINDOWS\rescache
2016-11-09 21:40:31 ----SHD---- C:\System Volume Information
2016-11-09 21:35:36 ----RSD---- C:\WINDOWS\assembly
2016-11-09 20:37:16 ----D---- C:\WINDOWS\system32\DriverStore
2016-11-09 20:32:36 ----D---- C:\WINDOWS\system32\catroot2
2016-11-09 18:14:55 ----HD---- C:\$WINDOWS.~BT
2016-11-09 18:11:39 ----D---- C:\WINDOWS\system32\Tasks
2016-11-09 18:10:55 ----D---- C:\WINDOWS\system32\drivers
2016-11-09 14:23:35 ----SD---- C:\WINDOWS\SYSWOW64\F12
2016-11-09 14:23:35 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-11-09 14:23:35 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-11-09 14:23:35 ----D---- C:\WINDOWS\SysWOW64
2016-11-09 14:23:31 ----D---- C:\WINDOWS\system32\wbem
2016-11-09 14:23:31 ----D---- C:\WINDOWS\system32\oobe
2016-11-09 14:23:30 ----SD---- C:\WINDOWS\system32\F12
2016-11-09 14:23:30 ----D---- C:\WINDOWS\system32\migwiz
2016-11-09 14:23:30 ----D---- C:\WINDOWS\system32\migration
2016-11-09 14:23:30 ----D---- C:\WINDOWS\system32\cs-CZ
2016-11-09 14:23:30 ----D---- C:\WINDOWS\system32\Boot
2016-11-09 14:23:26 ----RD---- C:\WINDOWS\PrintDialog
2016-11-09 14:23:26 ----D---- C:\WINDOWS\Provisioning
2016-11-09 14:23:25 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-11-09 14:23:25 ----RD---- C:\WINDOWS\DevicesFlow
2016-11-09 14:23:23 ----D---- C:\WINDOWS\AppPatch
2016-11-09 14:23:23 ----D---- C:\Program Files\Windows Photo Viewer
2016-11-09 14:23:23 ----D---- C:\Program Files\Windows Media Player
2016-11-09 14:23:23 ----D---- C:\Program Files\Windows Mail
2016-11-09 14:23:23 ----D---- C:\Program Files\Windows Defender
2016-11-09 14:23:23 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2016-11-09 14:23:23 ----D---- C:\Program Files (x86)\Windows Mail
2016-11-09 14:23:23 ----D---- C:\Program Files (x86)\Windows Defender
2016-11-09 14:23:23 ----D---- C:\Program Files (x86)\Internet Explorer
2016-11-09 14:23:22 ----D---- C:\Program Files\Internet Explorer
2016-11-09 14:19:59 ----DC---- C:\WINDOWS\Panther
2016-11-09 14:15:05 ----D---- C:\WINDOWS\Registration
2016-11-09 13:21:57 ----D---- C:\WINDOWS\system32\MRT
2016-11-09 13:17:48 ----AC---- C:\WINDOWS\system32\MRT.exe
2016-11-08 23:06:50 ----A---- C:\WINDOWS\system32\facecredentialprovider.dll
2016-11-08 22:37:26 ----D---- C:\WINDOWS\system32\Macromed
2016-11-08 22:37:15 ----D---- C:\WINDOWS\SYSWOW64\Macromed

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-03-01 175616]
R3 NVNET;@netnvm64.inf,%NVENETFD.Service.DispName%;NVIDIA nForce Ethernet Driver; C:\WINDOWS\System32\drivers\nvmf6264.sys [2015-10-30 344192]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2000-01-01 29800]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-04-05 28216]
R3 P17;@oem6.inf,%CTAudio_Device.Dev.amd64%;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-02-05 1529856]
S2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflsh64.sys []
S3 nvvad_WaveExtensible;@oem0.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-03-21 56384]
S4 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; %windir%\system32\svchost.exe -k apphost;"ServiceDll"=%windir%\system32\inetsrv\apphostsvc.dll
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-04-05 1164856]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-03-01 26624]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-04-05 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-04-05 2522680]
R2 OneSyncSvc_249249;Hostitel synchronizace_249249; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-04-05 3634232]
R3 PimIndexMaintenanceSvc_249249;Data kontaktů_249249; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
S2 OneSyncSvc_1041e6;Hostitel synchronizace_1041e6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_11ccb9f;Hostitel synchronizace_11ccb9f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_18959ed1f;Hostitel synchronizace_18959ed1f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_1de54;Hostitel synchronizace_1de54; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_2246a;Hostitel synchronizace_2246a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_2439d;Hostitel synchronizace_2439d; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_25b244;Hostitel synchronizace_25b244; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_274dc;Hostitel synchronizace_274dc; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_27abf;Hostitel synchronizace_27abf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_3aa3e0af6;Hostitel synchronizace_3aa3e0af6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_5f04fe;Hostitel synchronizace_5f04fe; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 OneSyncSvc_6594eb;Hostitel synchronizace_6594eb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [2016-10-13 329480]
S3 MessagingService_1041e6;Služba zasílání zpráv_1041e6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_11ccb9f;Služba zasílání zpráv_11ccb9f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_18959ed1f;Služba zasílání zpráv_18959ed1f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_1de54;Služba zasílání zpráv_1de54; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_2246a;Služba zasílání zpráv_2246a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_2439d;Služba zasílání zpráv_2439d; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_249249;Služba zasílání zpráv_249249; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_25b244;Služba zasílání zpráv_25b244; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_274dc;Služba zasílání zpráv_274dc; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_27abf;Služba zasílání zpráv_27abf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_3aa3e0af6;Služba zasílání zpráv_3aa3e0af6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_5f04fe;Služba zasílání zpráv_5f04fe; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MessagingService_6594eb;Služba zasílání zpráv_6594eb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-06-05 146888]
S3 PimIndexMaintenanceSvc_1041e6;Data kontaktů_1041e6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_11ccb9f;Data kontaktů_11ccb9f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_18959ed1f;Data kontaktů_18959ed1f; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_1de54;Data kontaktů_1de54; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_2246a;Data kontaktů_2246a; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_2439d;Data kontaktů_2439d; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_25b244;Data kontaktů_25b244; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_274dc;Data kontaktů_274dc; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_27abf;Data kontaktů_27abf; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_3aa3e0af6;Data kontaktů_3aa3e0af6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_5f04fe;Data kontaktů_5f04fe; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_6594eb;Data kontaktů_6594eb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-10-13 1459488]
S4 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-10-30 51376]

-----------------EOF-----------------

[Márty84]

Zdravim

Podle http://www.koutas.cz/geospy/ tam mate IP z Tel Avivu, to mate schvalne?

IP adresa: 82.163.143.176
82.163.143.176
Země: Israel Zeměpisná výška: 32.0809°
Kód země: IL Zeměpisná šířka: 34.7806°
Region: Tel-Aviv Časová zóna: +02:00
Město: Tel Aviv GMT offset: 0hod.

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[Peky]

Dobry den, to nevim znamy koupil celou masinu i s WIN na aukro

zatim ADW

# AdwCleaner v6.040 - Log vytvořen 05/12/2016 v 17:10:05
# Aktualizováno dne 02/12/2016 z Malwarebytes
# Databáze : 2016-12-04.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : jj - JJ-PC
# Spuštěno z : C:\Users\jj\Downloads\adwcleaner_6.040.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Program Files (x86)\Search Expanse
[-] Složka smazána: C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\Extensions
[-] Složka smazána: C:\ProgramData\05a1ef3b-0117-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-0337-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-0683-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-0853-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-0991-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-09a3-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-09c5-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-0d91-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-12d5-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-1431-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-16e5-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-16f5-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-1737-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-1883-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-1983-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-1b11-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-1c21-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-1cb5-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-1cc5-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-1d23-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-1fa5-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-20f1-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-22a1-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-22e7-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-2421-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-2493-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-2953-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-2a45-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-2b57-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-2c73-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-2ca7-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-2cf3-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-2d43-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-2d87-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-2de1-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-2f15-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-3181-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-3235-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-3577-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-3577-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-35f1-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-3637-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-3695-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-3711-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-3831-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-39f3-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-3af5-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-3b51-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-3bf1-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-3ed1-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-3f25-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-4095-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-4931-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-4945-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-49a7-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-4c25-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-4e47-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-50c7-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-5175-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-51d5-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-5275-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-5311-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-5655-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-5ad3-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-5af3-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-5cf5-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-5e61-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-5ef3-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-5ff5-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-6331-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-63b3-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-63b3-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-66f1-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-6727-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-6777-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-6787-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-6915-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-6983-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-6b97-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-6f57-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-6fc3-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-7073-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-70b3-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-7205-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-73d5-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-75f3-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-76f1-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-77a1-0
[-] Složka smazána: C:\ProgramData\05a1ef3b-7975-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-7a71-1
[-] Složka smazána: C:\ProgramData\05a1ef3b-7e45-0
[-] Složka smazána: C:\ProgramData\98700878
[-] Složka smazána: C:\ProgramData\fba2e90d-40f1-1
[-] Složka smazána: C:\ProgramData\fba2e90d-6415-0
[-] Složka smazána: C:\ProgramData\{0068e4d0-112c-1}
[-] Složka smazána: C:\ProgramData\{00c7968f-612c-1}
[-] Složka smazána: C:\ProgramData\{0173d869-412c-1}
[-] Složka smazána: C:\ProgramData\{018c9329-312c-0}
[-] Složka smazána: C:\ProgramData\{035e0026-112c-0}
[-] Složka smazána: C:\ProgramData\{043368d3-612c-0}
[-] Složka smazána: C:\ProgramData\{04e951fd-012c-0}
[-] Složka smazána: C:\ProgramData\{05f6f4f6-212c-1}
[-] Složka smazána: C:\ProgramData\{07659610-612c-0}
[-] Složka smazána: C:\ProgramData\{078834d2-012c-1}
[-] Složka smazána: C:\ProgramData\{0c0ad19f-312c-1}
[-] Složka smazána: C:\ProgramData\{0e69a7f8-112c-0}
[-] Složka smazána: C:\ProgramData\{0e9a62a8-212c-1}
[-] Složka smazána: C:\ProgramData\{0f80ead2-312c-0}
[-] Složka smazána: C:\ProgramData\{12e37570-412c-0}
[-] Složka smazána: C:\ProgramData\{1446b617-412c-1}
[-] Složka smazána: C:\ProgramData\{1489047c-712c-0}
[-] Složka smazána: C:\ProgramData\{1549047f-312c-0}
[-] Složka smazána: C:\ProgramData\{15ac9b9d-512c-1}
[-] Složka smazána: C:\ProgramData\{1778cd9c-312c-0}
[-] Složka smazána: C:\ProgramData\{17da73ce-612c-0}
[-] Složka smazána: C:\ProgramData\{19dd2265-712c-1}
[-] Složka smazána: C:\ProgramData\{1cf3407c-312c-0}
[-] Složka smazána: C:\ProgramData\{270ee3d2-112c-1}
[-] Složka smazána: C:\ProgramData\{27bd3052-312c-1}
[-] Složka smazána: C:\ProgramData\{298cad34-412c-1}
[-] Složka smazána: C:\ProgramData\{29dd9adf-712c-0}
[-] Složka smazána: C:\ProgramData\{3030803d-512c-0}
[-] Složka smazána: C:\ProgramData\{310834b0-412c-1}
[-] Složka smazána: C:\ProgramData\{49df6a3f-112c-0}
[-] Složka smazána: C:\ProgramData\{552964ea-712c-0}
[-] Složka smazána: C:\ProgramData\{61a84fcb-312c-1}
[-] Složka smazána: C:\ProgramData\{76ec0c47-312c-1}
[-] Složka smazána: C:\ProgramData\{7bc71d5f-412c-0}
[-] Složka smazána: C:\ProgramData\{7d8116ed-212c-0}
[#] Složka smazána po restartu: C:\Program Files (x86)\Search Expanse
[-] Složka smazána: C:\Users\jj\AppData\Local\UpdateAdmin
[-] Složka smazána: C:\ProgramData\SlimWare Utilities, Inc
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
[-] Složka smazána: C:\Users\Public\Documents\Downloaded Installers
[-] Složka smazána: C:\Program Files (x86)\OneSystemCare
[#] Složka smazána po restartu: C:\Program Files (x86)\Search Expanse
[-] Složka smazána: C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: UpdateAdmin


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Expanse
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Expanse_is1
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Expanse
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Expanse_is1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{99415057-7C50-439D-AA20-02D83C071B61}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Klíč smazán: HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\DownloadAdmin
[-] Klíč smazán: HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\One System Care
[-] Klíč smazán: HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\TNT2
[#] Klíč smazán po restartu: HKCU\Software\DownloadAdmin
[#] Klíč smazán po restartu: HKCU\Software\One System Care
[#] Klíč smazán po restartu: HKCU\Software\TNT2
[-] Klíč smazán: HKLM\SOFTWARE\SearchExpanse
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}
[#] Klíč smazán po restartu: [x64] HKCU\Software\DownloadAdmin
[#] Klíč smazán po restartu: [x64] HKCU\Software\One System Care
[#] Klíč smazán po restartu: [x64] HKCU\Software\TNT2
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E
[-] Data obnovena: HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Klíč smazán: HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\Microsoft\Internet Explorer\SearchScopes\{80E8967E-AAD3-44D5-A2D0-0EEEC3DD814A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{80E8967E-AAD3-44D5-A2D0-0EEEC3DD814A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{80E8967E-AAD3-44D5-A2D0-0EEEC3DD814A}
[-] Data obnovena: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{336ccda5-3d46-468a-b8b5-10dfce35e50b} [NameServer]
[-] Data obnovena: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{336ccda5-3d46-468a-b8b5-10dfce35e50b} [NameServer]
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\eshopcomp.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.eshopcomp.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\eshopcomp.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\eshopcomp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.eshopcomp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\eshopcomp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
[-] Hodnota smazána: HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\Microsoft\Windows\CurrentVersion\Run [UpdateAdmin]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateAdmin]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateAdmin]
[-] Klíč smazán: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Klíč smazán po restartu: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Klíč smazán po restartu: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp
[-] Klíč smazán: HKCU\Software\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd
[#] Klíč smazán po restartu: [x64] HKCU\Software\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny: "browser.search.defaultenginename" - "eShield Safe Web"
[-] Firefox předvolby vyčištěny: "browser.search.selectedEngine" - "eShield Safe Web"
[-] Firefox předvolby vyčištěny: "browser.startup.homepage" - "hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={32B142AA-F7B4-4785-ABAD-3911865B3AD4}&i="
[-] Firefox předvolby vyčištěny: "extensions.eshield.SearchEngineName" - "eShield Safe Web"
[-] Firefox předvolby vyčištěny: "extensions.eshield.SearchEngineUrl" - "hxxp://search.eshield.com/serp?guid={32B142AA-F7B4-4785-ABAD-3911865B3AD4}&action=default_search&k={searchTerms}"
[-] Firefox předvolby vyčištěny:
[-] Firefox předvolby vyčištěny: "extensions.tnt.engine.name" - "eShield Safe Web"
[-] Firefox předvolby vyčištěny: "extensions.tnt.engine.url" - "hxxp://search.eshield.com/serp?guid={32B142AA-F7B4-4785-ABAD-3911865B3AD4}&action=default_search&k={searchTerms}"
[-] Firefox předvolby vyčištěny: "extensions.tnt.newtaburl" - "hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11467&guid={32B142AA-F7B4-4785-ABAD-3911865B3AD4}&i="
[-] Firefox předvolby vyčištěny: "keyword.URL" - "hxxp://search.eshield.com/serp?guid={32B142AA-F7B4-4785-ABAD-3911865B3AD4}&action=default_search&k="
[-] Firefox předvolby vyčištěny: "plugin.state.npconduitfirefoxplugin" - 0
[-] Firefox předvolby vyčištěny: "plugin.state.npconduitfirefoxplugin" - 0
[-] [C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: dkmjljdbbgogihjcapfhgkonfmccbffp


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [23727 Bajty] - [05/12/2016 17:10:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [24145 Bajty] - [05/12/2016 17:07:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [23875 Bajty] ##########

[Peky]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 5.12.2016
Čas skenování: 19:02
Protokol: ííuiíií.txt
Správce: Ano

Verze: 0.0.0.0000
Databáze malwaru: v2016.12.05.12
Databáze rootkitů: v2016.11.20.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: jj

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 333477
Uplynulý čas: 19 min, 51 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

Test s MBAM zopakujte (ale tentokrat opravdu se spravnym nastavenim - tohle byl jen Sken hrozeb, ten nekontroluje cely pocitac, ja chtel Vlastni sken). Napiste vysledek testu a podle nej zvolim dalsi postup.

[Peky]

docela pekna sbirka

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 8.12.2016
Čas skenování: 19:11
Protokol: log.txt
Správce: Ano

Verze: 0.0.0.0000
Databáze malwaru: v2016.12.08.12
Databáze rootkitů: v2016.11.20.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: jj

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 501940
Uplynulý čas: 4 hod, 10 min, 5 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

docela pekna sbirka

Nevim ted jiste, jak jste to myslel, jestli jako ironii, nebo v testu neco nasel, ale log ukazuje cisty. Ono uz se to totiz nekolikrat stalo, ze tam nalezy byly,a le v logu psal 0.


Pokud tedy bylo cisto, MBAM odinstalujte.

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach
(Kdyby nesel Launcher stahnout, dejte logy jen ze samotneho FRST, tedy bez pouziti Launcheru)

[Peky]

Dobry den, ne skutecne jsem si myslel, ze je to plne viru. MBAM je pryc, ale stahnout FRSt se mne nedari.

[Márty84]

Zkuste FRST stahnout zde http://leteckaposta.cz/350418970

Kdyz nepujde, dejte aspon novy log z RSIT.

[Peky]

ok, diky. tady je log z FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by jj (administrator) on JJ-PC (11-12-2016 10:24:58)
Running from C:\Users\jj\Desktop
Loaded Profiles: jj (Available Profiles: jj & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe
(Wargaming.net) C:\Games\WargamingGameUpdater.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
() C:\Users\jj\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\jj\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-04-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\jj\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [World of Tanks] => C:\Games\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-10-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2253141340-2309542035-3164301-1000] => 127.0.0.1:8013
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{336ccda5-3d46-468a-b8b5-10dfce35e50b}: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1

Internet Explorer:
==================
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {071B25C8-C84C-49DE-9F21-26AC9A1B5D23} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {5AE16BF9-ECB2-4B69-B7A1-24DD0C2A8FD1} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {81A7960D-A9DA-491E-8A0D-2A5E371E7F3B} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_27368
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {89479F74-9F10-4306-8956-7A679F2E3170} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {8FB6F0FD-B917-4736-96BC-1B6DE345084E} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_27368
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {934149A9-159A-49FE-AD43-974DFB7C599D} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_27368
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {A9BA5032-403F-4F00-B081-DEBEF746130E} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_27368
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {B982D483-D541-4A08-9196-84F73E7AE9F6} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {D797EEF0-ABF5-4E39-887B-2EED31CB4DB5} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {DBF78637-87EA-422A-A674-9DC9EF4381C7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF DefaultProfile: fr1uthbk.default
FF ProfilePath: C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default [2016-12-11]
FF user.js: detected! => C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\user.js [2016-12-05]
FF NewTab: Mozilla\Firefox\Profiles\fr1uthbk.default ->
FF Extension: (No Name) - C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2253141340-2309542035-3164301-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2253141340-2309542035-3164301-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2007-04-30] (Adobe Systems, Inc.)

Chrome:
=======
CHR Profile: C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default [2016-12-11]
CHR Extension: (Prezentace Google) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-25]
CHR Extension: (Dokumenty Google) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-25]
CHR Extension: (Disk Google) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-25]
CHR Extension: (Seznam Lištička - Email) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-10]
CHR Extension: (YouTube) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-25]
CHR Extension: (Online Football Manager) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpmnhbncebjjpeligahihhphgkkblldl [2016-09-01]
CHR Extension: (MyStart New Tab) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogdoihocdkadpalbghcpfafbojcfofa [2016-12-04]
CHR Extension: (Tabulky Google) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-25]
CHR Extension: (Penaltovém Rozstřelu 2010) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\heglpchjbjmchcmenfopoohbdibnnfap [2016-09-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-25]
CHR Extension: (Gmail) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-25]
CHR Extension: (Chrome Media Router) - C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM-x32\...\Chrome\Extension: [dogdoihocdkadpalbghcpfafbojcfofa] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-04-05] (NVIDIA Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-04-05] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-04-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-04-05] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-04-05] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S2 NVR0FLASHDev; \??\C:\WINDOWS\nvflsh64.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 10:24 - 2016-12-11 10:25 - 00012818 _____ C:\Users\jj\Desktop\FRST.txt
2016-12-11 10:24 - 2016-12-11 10:24 - 00000000 ____D C:\FRST
2016-12-11 10:21 - 2016-12-11 10:20 - 02420224 _____ (Farbar) C:\Users\jj\Desktop\FRST64.exe
2016-12-05 17:23 - 2016-12-11 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-05 17:23 - 2016-12-05 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-05 17:04 - 2016-12-05 17:10 - 00000000 ____D C:\AdwCleaner
2016-12-05 17:04 - 2016-12-05 17:04 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-12-05 17:04 - 2016-12-05 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-12-05 17:00 - 2016-12-05 17:04 - 03968464 _____ C:\Users\jj\Downloads\adwcleaner_6.040.exe
2016-12-04 06:24 - 2016-12-04 06:25 - 00000000 ____D C:\rsit
2016-12-04 06:24 - 2016-12-04 06:25 - 00000000 ____D C:\Program Files\trend micro
2016-12-04 06:24 - 2016-12-04 06:24 - 01323520 _____ C:\Users\jj\Downloads\RSITx64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 10:25 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-11 10:24 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-11 10:22 - 2016-07-19 20:53 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-11 10:21 - 2016-05-11 20:09 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-11 08:44 - 2016-02-12 18:34 - 00000000 ____D C:\Users\jj\AppData\Roaming\Seznam.cz
2016-12-11 08:41 - 2016-04-16 09:20 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E34E83C-E88E-40EE-A69A-B74A0FA3F2FA}
2016-12-11 08:37 - 2016-03-01 16:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-08 20:12 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-08 19:37 - 2016-04-16 09:04 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-08 19:20 - 2016-05-11 20:09 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-08 14:52 - 2016-01-26 18:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-05 17:49 - 2016-03-01 16:35 - 00000000 ____D C:\Users\jj\AppData\Local\Packages
2016-12-05 17:38 - 2016-02-22 19:47 - 00000000 ____D C:\Games
2016-12-05 17:28 - 2016-03-01 16:22 - 02039710 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-05 17:28 - 2015-10-30 19:31 - 00843594 _____ C:\WINDOWS\system32\perfh005.dat
2016-12-05 17:28 - 2015-10-30 19:31 - 00192608 _____ C:\WINDOWS\system32\perfc005.dat
2016-12-05 17:28 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-12-05 17:09 - 2016-04-17 12:17 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-12-05 17:03 - 2016-01-25 21:54 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-01 06:10 - 2016-01-25 21:55 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-01 06:10 - 2016-01-25 21:55 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-01 06:05 - 2016-02-12 20:53 - 00000000 ____D C:\Users\jj\AppData\Roaming\MPC-HC
2016-11-14 18:08 - 2016-05-01 10:06 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-14 18:08 - 2016-04-27 17:21 - 00000000 ____D C:\Users\jj\AppData\Local\CrashDumps
2016-11-14 13:56 - 2016-02-23 22:50 - 00000000 ____D C:\KMPlayer

==================== Files in the root of some directories =======

2016-02-16 19:01 - 2016-02-16 19:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\jj\AppData\Local\Temp\libeay32.dll
C:\Users\jj\AppData\Local\Temp\msvcr120.dll
C:\Users\jj\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-11 08:48

==================== End of FRST.txt ============================

[Márty84]

Pokud nepouzivate, odinstalujte Seznam Software.

Odinstalujte McAfee Security Scan.


Napiste mi velikost adresare plochy (C:\Users\jj\Plocha)



Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\jj\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [World of Tanks] => C:\Games\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-10-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {DBF78637-87EA-422A-A674-9DC9EF4381C7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467

FF user.js: detected! => C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\user.js [2016-12-05]
FF Extension: (No Name) - C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)

2016-12-05 17:23 - 2016-12-11 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-05 17:23 - 2016-12-05 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-11 10:21 - 2016-05-11 20:09 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-08 19:37 - 2016-04-16 09:04 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-08 19:20 - 2016-05-11 20:09 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

[Peky]

seznam i Mcafee je fuc, plocha cca. 3.17 MB, log za chvili

[Peky]

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by jj (12-12-2016 17:35:36) Run:1
Running from C:\Users\jj\Desktop
Loaded Profiles: jj (Available Profiles: jj & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\jj\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\jj\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\...\Run: [World of Tanks] => C:\Games\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-10-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-21-2253141340-2309542035-3164301-1000 -> {DBF78637-87EA-422A-A674-9DC9EF4381C7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467

FF user.js: detected! => C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\user.js [2016-12-05]
FF Extension: (No Name) - C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)

2016-12-05 17:23 - 2016-12-11 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-05 17:23 - 2016-12-05 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-11 10:21 - 2016-05-11 20:09 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-08 19:37 - 2016-04-16 09:04 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-08 19:20 - 2016-05-11 20:09 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value not found.
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value removed successfully
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value not found.
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value not found.
HKU\S-1-5-21-2253141340-2309542035-3164301-1000\Software\Microsoft\Windows\CurrentVersion\Run\\World of Tanks => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => not found.
C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2253141340-2309542035-3164301-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DBF78637-87EA-422A-A674-9DC9EF4381C7}" => key removed successfully
HKCR\CLSID\{DBF78637-87EA-422A-A674-9DC9EF4381C7} => key not found.
C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\user.js => moved successfully
C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\user.js => not found.
C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\fr1uthbk.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
McComponentHostService => service not found.
"C:\Program Files (x86)\Malwarebytes Anti-Malware" => not found.
C:\ProgramData\Malwarebytes => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 155899 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12817213 B
Java, Flash, Steam htmlcache => 30876656 B
Windows/system/drivers => 34822660 B
Edge => 1262741 B
Chrome => 59264959 B
Firefox => 6688338 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7024 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 1280124 B
jj => 33958771 B
DefaultAppPool => 0 B

RecycleBin => 605036 B
EmptyTemp: => 173.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:36:42 ====

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak to s pc vypada.