VIRY.CZ

Zdravím. Při spuštění počítače se mi spouští okno PowerShellu, které chvíli na mě bliká textovým kurzorem, nejde do něj psát, po pár minutách se zase zavře. Mám podezření ma virus, Eset Online Scanner jich našel 6 (mezi instalačkama, pravděpodobně PUP). Ten ale před koncem skenu neočekávaně spadl Co může toto okno PowerShellu vyvolávat? Předtím se neukazovalo.

Logfile of random's system information tool 1.10 (written by random/random)
Run by nimrod at 2016-11-28 17:14:48
Microsoft Windows 10 Home
System drive C: has 622 GB (66%) free of 937 GB
Total RAM: 3288 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:15:07, on 28. 11. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
C:\Users\nimrod\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\nimrod\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Users\nimrod\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Users\nimrod\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\nimrod.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 wp-dev
O1 - Hosts: ::1 utilities
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\nimrod\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D666053EBBCBECDDF302E5B8C0D21F88] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Xvid] powershell.exe -nologo -WindowStyle hidden -Noninteractive -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Xvid\CheckUpdate.ps1"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
O23 - Service: Xamarin Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: tbaseprovisioning - Advanced Micro Devices, Inc. - C:\WINDOWS\SysWOW64\tbaseprovisioning.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater40.3.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe
O23 - Service: wampapache64 - Apache Software Foundation - c:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe
O23 - Service: wampmysqld64 - Unknown owner - c:\wamp64\bin\mysql\mysql5.7.14\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

--
End of file - 11267 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AVG Driver Updater Scan.job - C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe scheduled
C:\WINDOWS\tasks\AVG Driver Updater Startup.job - C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe -boot
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-09-13 163528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Web TuneUp - C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-09-30 2260040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2016-10-11 1743664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22 755392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [2016-09-13 218896]
"vProt"=C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2016-09-30 2180680]
"PlaysTV"=C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [2016-08-09 71440]
"AVG_UI"=C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [2016-09-13 218896]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2016-11-07 25673776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\nimrod\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-09-30 633024]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-11-15 9105112]
"GoogleChromeAutoLaunch_D666053EBBCBECDDF302E5B8C0D21F88"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-09-14 967496]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2016-10-12 23818712]
"Xvid"=powershell.exe -nologo -WindowStyle hidden -Noninteractive -NoProfile -ExecutionPolicy Bypass -File C:\Program Files (x86)\Xvid\CheckUpdate.ps1 []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\abdocs.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acerportal.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\carecenter.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\epowerui.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\playstv_launcher.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quickaccess.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setting.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=l3codecp.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.cvid"=iccvid.dll
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.zmbv"=zmbv.dll
"vidc.ffds"=C:\Program Files (x86)\ffdshow\ffdshow.ax
"vidc.XVID"=xvidvfw.dll
"vidc.x264"=x264vfw.dll

======File associations======

.inf - open - "C:\Program Files\Notepad++\notepad++.exe" "%1"
.inf - install -
.ini - open - "C:\Program Files\Notepad++\notepad++.exe" "%1"
.js - edit -
.js - open - "C:\Program Files\Notepad++\notepad++.exe" "%1"

======List of files/folders created in the last 1 month======

2016-11-28 17:14:50 ----D---- C:\Program Files (x86)\trend micro
2016-11-28 17:14:48 ----D---- C:\rsit
2016-11-26 11:07:10 ----D---- C:\WINDOWS\Panther
2016-11-19 14:31:33 ----D---- C:\ProgramData\Avg_Update_1116sp
2016-11-18 10:53:10 ----D---- C:\ProgramData\Avg_Update_1116tb
2016-11-17 12:05:38 ----D---- C:\Program Files (x86)\x264vfw
2016-11-16 14:52:06 ----A---- C:\WINDOWS\SysWoW64\xvidvfw.dll
2016-11-16 14:52:06 ----A---- C:\WINDOWS\SysWoW64\xvidcore.dll
2016-11-16 14:52:01 ----AD---- C:\Program Files (x86)\Xvid
2016-11-15 21:16:17 ----D---- C:\Program Files (x86)\VirtualDub
2016-11-15 20:53:34 ----D---- C:\videodvdmaker
2016-11-15 20:53:34 ----D---- C:\Users\nimrod\AppData\Roaming\Video DVD Maker FREE
2016-11-14 15:43:28 ----D---- C:\Users\nimrod\AppData\Roaming\vlc
2016-11-14 15:27:02 ----D---- C:\Program Files (x86)\VideoLAN
2016-11-14 15:20:05 ----D---- C:\Program Files (x86)\ffdshow
2016-11-14 15:08:33 ----D---- C:\Users\nimrod\AppData\Roaming\Subtitle Edit
2016-11-14 15:08:33 ----AD---- C:\Program Files (x86)\Subtitle Edit
2016-11-14 13:37:33 ----D---- C:\Users\nimrod\AppData\Roaming\FontForge
2016-11-14 13:35:56 ----AD---- C:\Program Files (x86)\FontForgeBuilds
2016-11-14 13:29:18 ----HD---- C:\Program Files (x86)\InstallJammer Registry
2016-11-14 13:28:32 ----AD---- C:\Program Files (x86)\MidiEditor
2016-11-12 14:53:19 ----D---- C:\Users\nimrod\AppData\Roaming\Brief
2016-11-12 14:47:57 ----AD---- C:\Program Files (x86)\Brief
2016-11-10 17:41:27 ----A---- C:\WINDOWS\SysWoW64\openglv5.dll
2016-11-10 17:41:26 ----A---- C:\WINDOWS\SysWoW64\openglv3.dll
2016-11-09 22:11:14 ----AD---- C:\Program Files (x86)\Lame For Audacity
2016-11-09 22:10:55 ----AD---- C:\Program Files (x86)\FFmpeg for Audacity
2016-11-09 22:02:52 ----AD---- C:\Program Files (x86)\Audacity
2016-11-09 11:54:07 ----A---- C:\WINDOWS\SysWoW64\usercpl.dll
2016-11-09 11:54:07 ----A---- C:\WINDOWS\SysWoW64\themecpl.dll
2016-11-09 11:54:07 ----A---- C:\WINDOWS\SysWoW64\input.dll
2016-11-09 11:54:06 ----A---- C:\WINDOWS\SysWoW64\TSpkg.dll
2016-11-09 11:54:06 ----A---- C:\WINDOWS\SysWoW64\sud.dll
2016-11-09 11:54:06 ----A---- C:\WINDOWS\SysWoW64\stobject.dll
2016-11-09 11:54:06 ----A---- C:\WINDOWS\SysWoW64\mstscax.dll
2016-11-09 11:54:06 ----A---- C:\WINDOWS\SysWoW64\msctf.dll
2016-11-09 11:54:06 ----A---- C:\WINDOWS\SysWoW64\comctl32.dll
2016-11-09 11:54:03 ----A---- C:\WINDOWS\SysWoW64\olepro32.dll
2016-11-09 11:54:03 ----A---- C:\WINDOWS\SysWoW64\asycfilt.dll
2016-11-09 11:54:00 ----A---- C:\WINDOWS\SysWoW64\inetcomm.dll
2016-11-09 11:53:56 ----A---- C:\WINDOWS\SysWoW64\iertutil.dll
2016-11-09 11:53:55 ----A---- C:\WINDOWS\SysWoW64\ieproxy.dll
2016-11-09 11:53:55 ----A---- C:\WINDOWS\SysWoW64\ieapfltr.dll
2016-11-09 11:53:54 ----A---- C:\WINDOWS\SysWoW64\wininet.dll
2016-11-09 11:53:50 ----A---- C:\WINDOWS\SysWoW64\wininetlui.dll
2016-11-09 11:53:50 ----A---- C:\WINDOWS\SysWoW64\urlmon.dll
2016-11-09 11:53:49 ----A---- C:\WINDOWS\SysWoW64\VSD3DWARPDebug.dll
2016-11-09 11:53:49 ----A---- C:\WINDOWS\SysWoW64\hgcpl.dll
2016-11-09 11:53:49 ----A---- C:\WINDOWS\SysWoW64\ddraw.dll
2016-11-09 11:53:49 ----A---- C:\WINDOWS\SysWoW64\d3d9.dll
2016-11-09 11:53:49 ----A---- C:\WINDOWS\SysWoW64\d3d8.dll
2016-11-09 11:53:49 ----A---- C:\WINDOWS\SysWoW64\d3d12warp.dll
2016-11-09 11:53:49 ----A---- C:\WINDOWS\SysWoW64\ActionCenterCPL.dll
2016-11-09 11:53:48 ----A---- C:\WINDOWS\SysWoW64\VSD3DWARP12Debug.dll
2016-11-09 11:53:48 ----A---- C:\WINDOWS\SysWoW64\DevicePairing.dll
2016-11-09 11:53:45 ----A---- C:\WINDOWS\SysWoW64\comdlg32.dll
2016-11-09 11:53:42 ----A---- C:\WINDOWS\SysWoW64\AuthExt.dll
2016-11-09 11:53:39 ----A---- C:\WINDOWS\SysWoW64\authui.dll
2016-11-09 11:53:38 ----A---- C:\WINDOWS\SysWoW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 11:53:35 ----A---- C:\WINDOWS\SysWoW64\zipfldr.dll
2016-11-09 11:53:33 ----A---- C:\WINDOWS\SysWoW64\Windows.UI.Immersive.dll
2016-11-09 11:53:32 ----A---- C:\WINDOWS\SysWoW64\win32kfull.sys
2016-11-09 11:53:32 ----A---- C:\WINDOWS\SysWoW64\win32k.sys
2016-11-09 11:53:29 ----A---- C:\WINDOWS\SysWoW64\UIAnimation.dll
2016-11-09 11:53:29 ----A---- C:\WINDOWS\SysWoW64\StoreAgent.dll
2016-11-09 11:53:29 ----A---- C:\WINDOWS\SysWoW64\MSVidCtl.dll
2016-11-09 11:53:29 ----A---- C:\WINDOWS\SysWoW64\InstallAgentUserBroker.exe
2016-11-09 11:53:29 ----A---- C:\WINDOWS\SysWoW64\InstallAgent.exe
2016-11-09 11:53:28 ----A---- C:\WINDOWS\SysWoW64\Windows.UI.Search.dll
2016-11-09 11:53:28 ----A---- C:\WINDOWS\SysWoW64\Windows.UI.Logon.dll
2016-11-09 11:53:28 ----A---- C:\WINDOWS\SysWoW64\Windows.UI.Cred.dll
2016-11-09 11:53:28 ----A---- C:\WINDOWS\SysWoW64\Windows.UI.BlockedShutdown.dll
2016-11-09 11:53:28 ----A---- C:\WINDOWS\SysWoW64\Windows.UI.BioFeedback.dll
2016-11-09 11:53:28 ----A---- C:\WINDOWS\SysWoW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 11:53:28 ----A---- C:\WINDOWS\SysWoW64\twinui.dll
2016-11-09 11:53:28 ----A---- C:\WINDOWS\SysWoW64\LaunchWinApp.exe
2016-11-09 11:53:27 ----A---- C:\WINDOWS\SysWoW64\twinapi.dll
2016-11-09 11:53:27 ----A---- C:\WINDOWS\SysWoW64\rdpcore.dll
2016-11-09 11:53:27 ----A---- C:\WINDOWS\SysWoW64\mstsc.exe
2016-11-09 11:53:26 ----A---- C:\WINDOWS\SysWoW64\shell32.dll
2016-11-09 11:53:26 ----A---- C:\WINDOWS\SysWoW64\msv1_0.dll
2016-11-09 11:53:26 ----A---- C:\WINDOWS\SysWoW64\jscript9diag.dll
2016-11-09 11:53:25 ----A---- C:\WINDOWS\SysWoW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 11:53:25 ----A---- C:\WINDOWS\SysWoW64\jscript9.dll
2016-11-09 11:53:25 ----A---- C:\WINDOWS\SysWoW64\Chakradiag.dll
2016-11-09 11:53:25 ----A---- C:\WINDOWS\SysWoW64\Chakra.dll
2016-11-09 11:53:19 ----A---- C:\WINDOWS\SysWoW64\oleaut32.dll
2016-11-09 11:53:19 ----A---- C:\WINDOWS\SysWoW64\ntshrui.dll
2016-11-09 11:53:19 ----A---- C:\WINDOWS\SysWoW64\ntdll.dll
2016-11-09 11:53:16 ----A---- C:\WINDOWS\SysWoW64\NetSetupEngine.dll
2016-11-09 11:53:16 ----A---- C:\WINDOWS\SysWoW64\NetSetupApi.dll
2016-11-09 11:53:14 ----A---- C:\WINDOWS\SysWoW64\NPSM.dll
2016-11-09 11:53:13 ----A---- C:\WINDOWS\SysWoW64\msinfo32.exe
2016-11-09 11:53:13 ----A---- C:\WINDOWS\SysWoW64\mfcore.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\SysWoW64\wmp.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\SysWoW64\mfsvr.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\SysWoW64\mfsensorgroup.dll
2016-11-09 11:53:10 ----A---- C:\WINDOWS\SysWoW64\MFMediaEngine.dll
2016-11-09 11:53:10 ----A---- C:\WINDOWS\SysWoW64\FSClient.dll
2016-11-09 11:53:09 ----A---- C:\WINDOWS\SysWoW64\LockAppBroker.dll
2016-11-09 11:53:04 ----A---- C:\WINDOWS\SysWoW64\ieframe.dll
2016-11-09 11:53:01 ----A---- C:\WINDOWS\SysWoW64\indexeddbserver.dll
2016-11-09 11:53:00 ----A---- C:\WINDOWS\SysWoW64\mshtmled.dll
2016-11-09 11:53:00 ----A---- C:\WINDOWS\SysWoW64\edgehtml.dll
2016-11-09 11:53:00 ----A---- C:\WINDOWS\SysWoW64\dxtrans.dll
2016-11-09 11:52:59 ----A---- C:\WINDOWS\SysWoW64\iepeers.dll
2016-11-09 11:52:58 ----A---- C:\WINDOWS\SysWoW64\mshtml.dll
2016-11-09 11:52:51 ----A---- C:\WINDOWS\SysWoW64\Windows.Globalization.dll
2016-11-09 11:52:51 ----A---- C:\WINDOWS\SysWoW64\GlobCollationHost.dll
2016-11-09 11:52:50 ----A---- C:\WINDOWS\SysWoW64\gdi32full.dll
2016-11-09 11:52:50 ----A---- C:\WINDOWS\SysWoW64\gameux.dll
2016-11-09 11:52:50 ----A---- C:\WINDOWS\SysWoW64\fontdrvhost.exe
2016-11-09 11:52:50 ----A---- C:\WINDOWS\SysWoW64\atmlib.dll
2016-11-09 11:52:50 ----A---- C:\WINDOWS\SysWoW64\atmfd.dll
2016-11-09 11:52:49 ----A---- C:\WINDOWS\SysWoW64\fontext.dll
2016-11-09 11:52:48 ----A---- C:\WINDOWS\SysWoW64\weretw.dll
2016-11-09 11:52:48 ----A---- C:\WINDOWS\SysWoW64\wer.dll
2016-11-09 11:52:48 ----A---- C:\WINDOWS\SysWoW64\ExplorerFrame.dll
2016-11-09 11:52:48 ----A---- C:\WINDOWS\SysWoW64\explorer.exe
2016-11-09 11:52:47 ----A---- C:\WINDOWS\SysWoW64\efsext.dll
2016-11-09 11:52:46 ----A---- C:\WINDOWS\SysWoW64\d3d10warp.dll
2016-11-09 11:52:45 ----A---- C:\WINDOWS\SysWoW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 11:52:43 ----A---- C:\WINDOWS\SysWoW64\ole32.dll
2016-11-09 11:52:43 ----A---- C:\WINDOWS\SysWoW64\chartv.dll
2016-11-09 11:52:43 ----A---- C:\WINDOWS\SysWoW64\cdp.dll
2016-11-09 11:52:42 ----A---- C:\WINDOWS\SysWoW64\AudioSes.dll
2016-11-09 11:52:41 ----A---- C:\WINDOWS\SysWoW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 11:52:40 ----A---- C:\WINDOWS\SysWoW64\BcastDVRHelper.dll
2016-11-09 11:52:39 ----A---- C:\WINDOWS\SysWoW64\ErrorDetailsUpdate.dll
2016-11-09 11:52:39 ----A---- C:\WINDOWS\SysWoW64\ErrorDetails.dll
2016-11-09 11:52:39 ----A---- C:\WINDOWS\SysWoW64\bcastdvr.exe
2016-11-09 11:52:39 ----A---- C:\WINDOWS\SysWoW64\AppCapture.dll
2016-11-09 11:43:33 ----A---- C:\WINDOWS\explorer.exe
2016-11-08 13:49:21 ----D---- C:\Games
2016-11-08 13:46:03 ----D---- C:\GameDev
2016-11-07 18:07:25 ----D---- C:\Users\nimrod\AppData\Roaming\obs-studio
2016-11-07 18:00:27 ----D---- C:\Program Files (x86)\obs-studio
2016-11-06 15:38:25 ----A---- C:\Users\nimrod\AppData\Roaming\mclip.dat
2016-11-06 15:38:25 ----A---- C:\Users\nimrod\AppData\Roaming\hexplorer.dat
2016-11-06 15:35:49 ----D---- C:\Program Files (x86)\hexplorer
2016-11-01 18:41:34 ----D---- C:\Users\nimrod\AppData\Roaming\inkscape
2016-11-01 18:27:43 ----AD---- C:\Program Files (x86)\Inkscape
2016-10-31 17:23:45 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2016-10-31 17:23:43 ----D---- C:\ProgramData\Adobe
2016-10-31 17:23:43 ----D---- C:\Program Files (x86)\Common Files\Adobe
2016-10-31 16:51:38 ----D---- C:\Users\nimrod\AppData\Roaming\Poedit
2016-10-31 16:51:15 ----AD---- C:\Program Files (x86)\Poedit
2016-10-30 11:14:07 ----D---- C:\ONION
2016-10-30 09:14:27 ----D---- C:\Program Files (x86)\Adobe Photoshop

======List of files/folders modified in the last 1 month======

2016-11-28 17:14:52 ----D---- C:\WINDOWS\Prefetch
2016-11-28 17:14:50 ----RD---- C:\Program Files (x86)
2016-11-28 17:10:35 ----D---- C:\WINDOWS\Temp
2016-11-28 11:52:33 ----D---- C:\WINDOWS\System32
2016-11-27 11:34:55 ----D---- C:\ProgramData\MFAData
2016-11-27 10:43:58 ----RD---- C:\WINDOWS\Microsoft.NET
2016-11-27 10:40:21 ----SHD---- C:\System Volume Information
2016-11-26 11:27:22 ----SHD---- C:\WINDOWS\Installer
2016-11-26 11:07:10 ----D---- C:\Windows
2016-11-25 23:58:34 ----D---- C:\Users\nimrod\AppData\Roaming\Audacity
2016-11-24 16:10:09 ----D---- C:\WINDOWS\INF
2016-11-24 16:09:47 ----RD---- C:\Program Files
2016-11-24 16:07:32 ----D---- C:\WINDOWS\AppReadiness
2016-11-22 10:04:10 ----D---- C:\WINDOWS\debug
2016-11-20 18:44:38 ----SD---- C:\Users\nimrod\AppData\Roaming\Microsoft
2016-11-20 18:28:26 ----RSD---- C:\WINDOWS\Fonts
2016-11-19 14:31:33 ----HD---- C:\ProgramData
2016-11-17 12:20:56 ----D---- C:\WINDOWS\SoftwareDistribution
2016-11-17 12:05:38 ----D---- C:\WINDOWS\SysWOW64
2016-11-13 13:49:22 ----D---- C:\WINDOWS\rescache
2016-11-12 15:35:01 ----D---- C:\WINDOWS\WinSxS
2016-11-12 11:04:17 ----RD---- C:\WINDOWS\assembly
2016-11-12 06:16:51 ----D---- C:\Program Files (x86)\Dropbox
2016-11-11 19:01:36 ----D---- C:\ProgramData\Package Cache
2016-11-10 17:52:48 ----D---- C:\WINDOWS\CbsTemp
2016-11-10 09:07:19 ----D---- C:\WINDOWS\LiveKernelReports
2016-11-10 01:15:26 ----D---- C:\WINDOWS\SysWoW64\migration
2016-11-10 01:15:11 ----D---- C:\WINDOWS\SysWoW64\cs-CZ
2016-11-10 01:14:14 ----D---- C:\WINDOWS\ShellExperiences
2016-11-10 01:14:12 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-11-10 01:14:11 ----D---- C:\WINDOWS\bcastdvr
2016-11-10 01:14:11 ----D---- C:\WINDOWS\AppPatch
2016-11-09 16:35:59 ----D---- C:\ProgramData\Microsoft Help
2016-11-09 16:25:33 ----A---- C:\WINDOWS\win.ini
2016-11-01 08:49:54 ----D---- C:\Program Files (x86)\Google
2016-10-31 19:00:04 ----D---- C:\WWW
2016-10-31 17:28:36 ----D---- C:\Users\nimrod\AppData\Roaming\Adobe
2016-10-31 17:23:43 ----D---- C:\Program Files (x86)\Common Files
2016-10-30 09:13:47 ----D---- C:\DOSBOX
2016-10-29 00:56:11 ----A---- C:\WINDOWS\SysWoW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem29.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\WINDOWS\System32\drivers\amdkmpfd.sys []
R0 amdpsp;@oem32.inf,%amdpsp.SVCDESC%;AMD PSP Service; C:\WINDOWS\system32\DRIVERS\amdpsp.sys []
R0 AVGIDSHA;AVGIDSHA; C:\WINDOWS\system32\DRIVERS\avgidsha.sys []
R0 Avgloga;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avgloga.sys []
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx64.sys []
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx64.sys []
R0 Avguniva;AVG Universal Driver; C:\WINDOWS\system32\DRIVERS\avguniva.sys []
R0 BTATH_BUS;@oem15.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys []
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys []
R1 Avgdiska;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiska.sys []
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys []
R1 Avgldx64;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx64.sys []
R1 Avgwfpa;AVG Firewall Driver; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys []
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys []
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys []
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys []
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys []
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys []
R3 amdkmdag;amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmdag.sys [2016-10-01 26559504]
R3 amdkmdap;amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmpag.sys [2016-10-01 527264]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athw8x.sys []
R3 AtiHDAudioService;@oem30.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys []
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys []
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys []
R3 LMDriver;@oem18.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\WINDOWS\System32\drivers\LMDriver.sys []
R3 RadioShim;@oem18.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\WINDOWS\System32\drivers\RadioShim.sys []
R3 rt640x64;@oem13.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys []
R3 RTSPER;@oem9.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys []
R3 SensorsSimulatorDriver;@oem26.inf,%WudfSensorsSimulatorDriverDisplayName%;UMDF Reflector service for SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys []
R3 SynRMIHID;@oem6.inf,%SynRMIHID.SVCDESC%;Synaptics HID Service; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys []
S0 amdkmafd;@oem27.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter; C:\WINDOWS\System32\drivers\amdkmafd.sys []
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\WINDOWS\system32\DRIVERS\avgboota.sys []
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys []
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys []
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys []
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys []
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys []
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys []
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys []
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys []
S3 amdkmcsp;@oem32.inf,%amdkmcsp.SVCDESC%;AMD Kernel Mode CSP Service; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys []
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys []
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys []
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys []
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys []
S3 dbx;dbx; C:\WINDOWS\system32\DRIVERS\dbx.sys []
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys []
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys []
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys []
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys []
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys []
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys []
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys []
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys []
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys []
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys []
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys []
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys []
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys []
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys []
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys []
S3 ReFSv1;ReFSv1; C:\WINDOWS\SysWoW64\drivers\ReFSv1.sys []
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys []
S3 scvad_simple;@oem34.inf,%scvad_simple.SvcDesc%;SplitCam Virtual Microphone (WDM); C:\WINDOWS\system32\drivers\SplitCamAudio.sys []
S3 splitcam_hd_driver;@oem33.inf,%splitcam_hd_driver.DeviceDesc%;SplitCam Virtual Video Driver; C:\WINDOWS\system32\DRIVERS\splitcam_hd_driver.sys []
S3 SWDUMon;SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe []
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [2016-11-02 5337696]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-09-13 1149712]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2016-11-02 727512]
R2 Bonjour Service;Xamarin Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [2015-07-15 394752]
R2 CDPUserSvc_1fd2d75;CDPUserSvc_1fd2d75; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe []
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc); C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2015-02-05 22744]
R2 OneSyncSvc_1fd2d75;Hostitel synchronizace_1fd2d75; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2012-04-24 254512]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2016-04-30 131776]
R2 tbaseprovisioning;tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [2016-08-23 51224]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
R3 PimIndexMaintenanceSvc_1fd2d75;Data kontaktů_1fd2d75; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-17 143144]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-07-16 52920]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-11-02 647864]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-17 143144]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe []
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2014-02-19 142336]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 MessagingService_1fd2d75;Služba zasílání zpráv_1fd2d75; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe []
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 38792]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-22 119808]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe []
S4 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2016-07-14 2267352]
S4 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2014-06-12 2573032]
S4 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2015-12-22 349728]
S4 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2015-12-22 209952]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-23 153752]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-23 153752]
S4 LMSvc;Launch Manager Service; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2014-06-10 466664]
S4 PlaysService;Plays.tv Update Service; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [2016-08-09 32528]
S4 QASvc;Quick Access Service; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [2014-06-26 458984]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 38792]

-----------------EOF-----------------

Zdarvím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v6.030 - Log soubor vytvořen 28/11/2016 na 18:26:37
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-28.2 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : nimrod - ZBYNEK
# Beží od : C:\Users\nimrod\Desktop\adwcleaner_6.030.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

SLužba nalezena: vToolbarUpdater40.3.6
SLužba nalezena: swdumon
SLužba nalezena: WtuSystemSupport


***** [ Adresáře ] *****

Složka nalezena: C:\ProgramData\Avg_Update_0116av
Složka nalezena: C:\ProgramData\Avg_Update_0116tb
Složka nalezena: C:\ProgramData\Avg_Update_0316av
Složka nalezena: C:\ProgramData\Avg_Update_1016tb
Složka nalezena: C:\ProgramData\Avg_Update_1116tb
Složka nalezena: C:\Users\nimrod\AppData\Local\SweetLabs App Platform
Složka nalezena: C:\Users\nimrod\AppData\Local\avg web tuneup
Složka nalezena: C:\Program Files\avg web tuneup
Složka nalezena: C:\Program Files\Booking.com
Složka nalezena: C:\Program Files\Common Files\AVG Secure Search
Složka nalezena: C:\ProgramData\AVG Secure Search
Složka nalezena: C:\ProgramData\AVG Security Toolbar
Složka nalezena: C:\ProgramData\pokki
Složka nalezena: C:\ProgramData\avg web tuneup
Složka nalezena: C:\ProgramData\Pokki
Složka nalezena: C:\Users\Public\Documents\Downloaded Installers
Složka nalezena: C:\Program Files (x86)\avg web tuneup
Složka nalezena: C:\Program Files (x86)\Common Files\AVG Secure Search
Složka nalezena: C:\Users\Default User\AppData\Local\Pokki
Složka nalezena: C:\Users\Default\AppData\Local\Pokki
Složka nalezena: C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Soubory ] *****

Soubor nalezen: C:\Users\nimrod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
Soubor nalezen: C:\Users\nimrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
Soubor nalezen: C:\Users\nimrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Soubor nalezen: C:\WINDOWS\SysNative\drivers\swdumon.sys
Soubor nalezen: C:\Users\Public\Desktop\Booking.com.lnk
Soubor nalezen: C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL soubory.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupce ] *****

Žádné infikovaný zástupce nenalezen.


***** [ Plánovač úloh ] *****

Úkol nalezen: SweetLabs App Platform
Úkol nalezen: ACC
Úkol nalezen: Software Update Application


***** [ Registry ] *****

Klíč nalezen: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Classes\pokki
Klíč nalezen: HKCU\Software\Classes\pokki
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíč nalezen: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Klíč nalezen: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Klíč nalezen: [x64] HKCU\Software\Classes\pokki
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\SlimWare Utilities Inc
Klíč nalezen: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\SweetLabs App Platform
Klíč nalezen: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Klíč nalezen: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Klíč nalezen: HKCU\Software\SlimWare Utilities Inc
Klíč nalezen: HKCU\Software\SweetLabs App Platform
Klíč nalezen: HKLM\SOFTWARE\SlimWare Utilities Inc
Klíč nalezen: HKLM\SOFTWARE\AVG Tuneup
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Klíč nalezen: [x64] HKCU\Software\SlimWare Utilities Inc
Klíč nalezen: [x64] HKCU\Software\SweetLabs App Platform
Klíč nalezen: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Klíč nalezen: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Klíč nalezen: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\narodnipokladnice
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\srovnanicen.cz
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\vtipnice.eu
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.narodnipoklad
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.srovnanicen.c
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.vtipnice.eu
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\narodnipokladnice.cz
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srovnanicen.cz
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\vtipnice.eu
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.narodnipokladnic
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.srovnanicen.cz
Klíč nalezen: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.vtipnice.eu
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\narodnipokladni
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\srovnanicen.cz
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\vtipnice.eu
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.narodnipokl
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.srovnanicen
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.vtipnice.eu
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\narodnipokladnice.
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srovnanicen.cz
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\vtipnice.eu
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.narodnipokladn
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.srovnanicen.cz
Klíč nalezen: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.vtipnice.eu
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Hodnota nalezena: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
Klíč nalezen: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Klíč nalezen: HKCU\Software\Classes\Directory\shell\pokki
Klíč nalezen: HKCU\Software\Classes\Drive\shell\pokki
Klíč nalezen: HKCU\Software\Classes\lnkfile\shell\pokki
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Klíč nalezen: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Klíč nalezen: HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Klíč nalezen: [x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox báze.
Chromium nastavení nalezeno: [C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - chfdnecihphmhljaaejmgoiahnihplgn

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [13640 Bajtů] - [28/11/2016 18:26:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13715 Bajtů] ##########

Ještě klikněte na mazání a bude to OK. Zkuste ještě jednou.

Provedeno, něco nešlo smazat:

# AdwCleaner v6.030 - Log soubor vytvořen 28/11/2016 na 18:40:25
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-28.2 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : nimrod - ZBYNEK
# Beží od : C:\Users\nimrod\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služby smazány:vToolbarUpdater40.3.6
[-] Služby smazány:swdumon
[-] Služby smazány:WtuSystemSupport


***** [ Adresáře ] *****

[-] Adresář smazán:C:\ProgramData\Avg_Update_0116av
[-] Adresář smazán:C:\ProgramData\Avg_Update_0116tb
[-] Adresář smazán:C:\ProgramData\Avg_Update_0316av
[-] Adresář smazán:C:\ProgramData\Avg_Update_1016tb
[-] Adresář smazán:C:\ProgramData\Avg_Update_1116tb
[#] Adresář nelze smazat:C:\Users\nimrod\AppData\Local\SweetLabs App Platform
[-] Adresář smazán:C:\Users\nimrod\AppData\Local\avg web tuneup
[-] Adresář smazán:C:\Program Files\avg web tuneup
[-] Adresář smazán:C:\Program Files\Booking.com
[-] Adresář smazán:C:\Program Files\Common Files\AVG Secure Search
[-] Adresář smazán:C:\ProgramData\AVG Secure Search
[-] Adresář smazán:C:\ProgramData\AVG Security Toolbar
[-] Adresář smazán:C:\ProgramData\pokki
[-] Adresář smazán:C:\ProgramData\avg web tuneup
[#] Adresář nelze smazat:C:\ProgramData\Pokki
[-] Adresář smazán:C:\Users\Public\Documents\Downloaded Installers
[-] Adresář smazán:C:\Program Files (x86)\avg web tuneup
[-] Adresář smazán:C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Adresář smazán:C:\Users\Default User\AppData\Local\Pokki
[#] Adresář nelze smazat:C:\Users\Default\AppData\Local\Pokki
[-] Adresář smazán:C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Soubory ] *****

[-] Soubor smazán:C:\Users\nimrod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
[-] Soubor smazán:C:\Users\nimrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] Soubor smazán:C:\Users\nimrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] Soubor smazán:C:\WINDOWS\SysNative\drivers\swdumon.sys
[-] Soubor smazán:C:\Users\Public\Desktop\Booking.com.lnk
[-] Soubor smazán:C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Klíč smazán:HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Classes\pokki
[#] Klíč smazán po restartování:HKCU\Software\Classes\pokki
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\pokki
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán:HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\SlimWare Utilities Inc
[-] Klíč smazán:HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\SweetLabs App Platform
[-] Klíč smazán:HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Klíč smazán:HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Klíč smazán po restartování:HKCU\Software\SlimWare Utilities Inc
[#] Klíč smazán po restartování:HKCU\Software\SweetLabs App Platform
[-] Klíč smazán:HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Klíč smazán:HKLM\SOFTWARE\AVG Tuneup
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Klíč smazán po restartování:[x64] HKCU\Software\SlimWare Utilities Inc
[#] Klíč smazán po restartování:[x64] HKCU\Software\SweetLabs App Platform
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Klíč smazán:HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\narodnipokladnice.cz
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\srovnanicen.cz
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\vtipnice.eu
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.narodnipokladnice.cz
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.srovnanicen.cz
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.vtipnice.eu
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\narodnipokladnice.cz
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srovnanicen.cz
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\vtipnice.eu
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.narodnipokladnice.cz
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.srovnanicen.cz
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.vtipnice.eu
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\narodnipokladnice.cz
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\srovnanicen.cz
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\vtipnice.eu
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.narodnipokladnice.cz
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.srovnanicen.cz
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.vtipnice.eu
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\narodnipokladnice.cz
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srovnanicen.cz
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\vtipnice.eu
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.narodnipokladnice.cz
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.srovnanicen.cz
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.vtipnice.eu
[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Hodnota smazána:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Klíč smazán:HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Klíč smazán:HKCU\Software\Classes\Directory\shell\pokki
[-] Klíč smazán:HKCU\Software\Classes\Drive\shell\pokki
[-] Klíč smazán:HKCU\Software\Classes\lnkfile\shell\pokki
[-] Klíč smazán:HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Klíč smazán:HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
[-] Klíč smazán:HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[#] Klíč smazán po restartování:[x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Prohlížeče ] *****

[-] [C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazání:chfdnecihphmhljaaejmgoiahnihplgn


*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [14424 Bajtů] - [28/11/2016 18:40:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [13912 Bajtů] - [28/11/2016 18:26:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [14574 Bajtů] ##########

Jj, vidím. Dejte teď log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

FRSTLauncher mi nešlo spustit, spuštěn samotný FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by nimrod (administrator) on ZBYNEK (28-11-2016 19:20:42)
Running from C:\Users\nimrod\Desktop
Loaded Profiles: nimrod (Available Profiles: nimrod)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AMD) C:\Program Files\AMD\amdkmpfd_un\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
(AVG Netherlands B.V) C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-11-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-08-09] (Plays.tv, LLC)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-11-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25673776 2016-11-07] (Dropbox, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\...\Run: [GoogleChromeAutoLaunch_D666053EBBCBECDDF302E5B8C0D21F88] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [967496 2016-09-14] (Google Inc.)
HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818712 2016-10-12] (Google)
HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\...\Run: [Xvid] => powershell.exe -nologo -WindowStyle hidden -Noninteractive -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Xvid\CheckUpdate.ps1"
HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MATRIX~1.SCR [155648 2016-09-29] ()
IFEO\abdocs.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\acerportal.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\carecenter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\epowerui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\playstv_launcher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\quickaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setting.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 147.32.127.214 195.113.144.194
Tcpip\..\Interfaces\{47c8dba9-fd9c-4595-887d-36621aca62e8}: [DhcpNameServer] 147.32.127.218 195.113.144.194
Tcpip\..\Interfaces\{cca7b0f9-0322-4a77-be35-a6a1ee038eb8}: [DhcpNameServer] 147.32.127.214 195.113.144.194

Internet Explorer:
==================
HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.cz/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001 -> DefaultScope {9DBF876A-CCD0-4F16-AAAD-E781B29531D8} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001 -> {36569CAA-E08C-455C-815E-2B793FE26305} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001 -> {9DBF876A-CCD0-4F16-AAAD-E781B29531D8} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-10-11] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-09-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-10-11] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-08-16] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001 -> hxxp://www.seznam.cz/
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-11-20]

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-23] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default [2016-11-28]
CHR Extension: (Prezentace Google) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-23]
CHR Extension: (Dokumenty Google) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-23]
CHR Extension: (Disk Google) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-23]
CHR Extension: (YouTube) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-23]
CHR Extension: (Dropbox for Gmail) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-10-17]
CHR Extension: (Tabulky Google) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-23]
CHR Extension: (Gmail) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\nimrod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-20]
CHR HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337696 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-11-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [394752 2015-07-15] (Apple Inc.) [File not signed]
S4 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-07-14] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-11-07] (Dropbox, Inc.)
S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
S4 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
S4 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-08-09] (Plays.tv, LLC)
S4 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51224 2016-08-23] (Advanced Micro Devices, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4788496 2016-11-25] (AVG Technologies CZ, s.r.o.)
S4 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe [29696 2016-07-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.14\bin\mysqld.exe [39885824 2016-07-12] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [100752 2016-08-23] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmdag.sys [26559504 2016-10-01] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmpag.sys [527264 2016-10-01] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [87856 2016-10-01] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [254864 2016-08-23] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-10-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [267520 2016-10-19] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-24] (Realsil Semiconductor Corporation)
S3 scvad_simple; C:\WINDOWS\system32\drivers\SplitCamAudio.sys [23552 2016-08-02] (Windows (R) Win 7 DDK provider)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 splitcam_hd_driver; C:\WINDOWS\system32\DRIVERS\splitcam_hd_driver.sys [37600 2016-08-02] (Windows (R) Win 7 DDK provider)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2016-11-28] (SlimWare Utilities, Inc.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-06-01] (AVG Netherlands B.V.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [138896 2016-10-18] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-28 19:20 - 2016-11-28 19:22 - 00026718 _____ C:\Users\nimrod\Desktop\FRST.txt
2016-11-28 19:20 - 2016-11-28 19:20 - 00000000 ____D C:\FRST
2016-11-28 19:19 - 2016-11-28 19:19 - 00000000 _____ C:\Users\nimrod\Desktop\FRSTLauncher.exe.gzwkks5.partial
2016-11-28 19:19 - 2016-11-28 19:19 - 00000000 _____ C:\Users\nimrod\Desktop\FRSTLauncher.exe
2016-11-28 19:18 - 2016-11-28 19:20 - 02411520 _____ (Farbar) C:\Users\nimrod\Desktop\FRST64.exe
2016-11-28 19:05 - 2016-11-28 19:05 - 00000000 ____D C:\WINDOWS\system32\đĹź8Ç
2016-11-28 18:40 - 2016-11-28 18:40 - 00000000 ____D C:\WINDOWS\system32\`Ę×±Ç
2016-11-28 18:21 - 2016-11-28 18:40 - 00000000 ____D C:\AdwCleaner
2016-11-28 18:20 - 2016-11-28 18:21 - 03910208 _____ C:\Users\nimrod\Desktop\adwcleaner_6.030.exe
2016-11-28 17:14 - 2016-11-28 17:15 - 00000000 ____D C:\rsit
2016-11-28 17:14 - 2016-11-28 17:15 - 00000000 ____D C:\Program Files (x86)\trend micro
2016-11-28 17:14 - 2016-11-28 17:14 - 01107968 _____ C:\Users\nimrod\Downloads\RSIT.exe
2016-11-28 15:43 - 2016-11-28 15:44 - 00000000 ____D C:\Users\nimrod\Documents\Recenze lvlworld.com
2016-11-28 11:58 - 2016-11-28 11:58 - 06760064 _____ (ESET spol. s r.o.) C:\Users\nimrod\Downloads\ESETOnlineScanner_CSY (1).exe
2016-11-28 11:52 - 2016-11-28 11:52 - 00000000 ____D C:\WINDOWS\system32\ Ëç+ž
2016-11-28 06:07 - 2016-11-28 06:07 - 00000000 ____D C:\WINDOWS\system32\Ç_Ć…
2016-11-28 05:51 - 2016-11-28 05:51 - 00000000 ____D C:\WINDOWS\system32\ĐÄŹŢh
2016-11-27 19:39 - 2016-11-27 19:39 - 00000000 ____D C:\WINDOWS\system32\đŻĎ,µ
2016-11-27 19:34 - 2016-11-27 19:34 - 00000000 ____D C:\WINDOWS\system32\ŕÄÇ,µ
2016-11-27 19:34 - 2016-11-27 19:34 - 00000000 ____D C:\WINDOWS\system32\¸˙,µ
2016-11-27 19:08 - 2016-11-27 19:08 - 00000000 ____D C:\WINDOWS\system32\ŕ­‡l
2016-11-27 19:03 - 2016-11-27 19:03 - 00000000 ____D C:\WINDOWS\system32\ Äżl
2016-11-27 17:22 - 2016-11-27 17:22 - 00000000 ____D C:\WINDOWS\system32\ĆO„C
2016-11-27 17:08 - 2016-11-27 17:08 - 00000000 ____D C:\WINDOWS\system32\Ŕ­÷úY
2016-11-27 12:30 - 2016-11-27 12:30 - 00000000 ____D C:\WINDOWS\system32\0®ď Ë
2016-11-27 12:25 - 2016-11-27 12:25 - 00000000 ____D C:\WINDOWS\system32\ĐÇď Ë
2016-11-27 11:44 - 2016-11-27 11:44 - 06760064 _____ (ESET spol. s r.o.) C:\Users\nimrod\Downloads\ESETOnlineScanner_CSY.exe
2016-11-27 11:44 - 2016-11-27 11:44 - 00000000 ____D C:\Users\nimrod\AppData\Local\ESET
2016-11-27 11:31 - 2016-11-27 11:31 - 00000000 ____D C:\WINDOWS\system32\°ĆÇ}Ą
2016-11-27 11:20 - 2016-11-27 11:20 - 00000000 ____D C:\WINDOWS\system32\°°Gń
2016-11-27 11:15 - 2016-11-27 11:15 - 00000000 ____D C:\WINDOWS\system32\PĘGń
2016-11-27 11:15 - 2016-11-27 11:15 - 00000000 ____D C:\WINDOWS\system32\şoń
2016-11-27 11:04 - 2016-11-27 11:04 - 00000000 ____D C:\WINDOWS\system32\°Şďó©
2016-11-27 10:59 - 2016-11-27 10:59 - 00000000 ____D C:\WINDOWS\system32\đ·
2016-11-27 10:59 - 2016-11-27 10:59 - 00000000 ____D C:\WINDOWS\system32\ Ç÷ó©
2016-11-27 10:30 - 2016-11-27 10:30 - 00000000 ____D C:\WINDOWS\system32\ŔĹWyl
2016-11-27 10:30 - 2016-11-27 10:30 - 00000000 ____D C:\WINDOWS\system32\Đ
2016-11-27 10:30 - 2016-11-27 10:30 - 00000000 ____D C:\WINDOWS\system32\560b2b9c7dee1e270c..bin
2016-11-27 10:30 - 2016-11-27 10:30 - 00000000 ____D C:\WINDOWS\system32\°­Oyl
2016-11-26 20:07 - 2016-11-26 20:07 - 00000000 ____D C:\WINDOWS\system32\pË
2016-11-26 17:24 - 2016-11-26 17:24 - 02010633 _____ C:\Users\nimrod\Downloads\Grilovačka.mp4
2016-11-26 15:23 - 2016-11-26 15:50 - 818478243 _____ C:\Users\nimrod\Downloads\Y530-U051 V100R001C900B181CUSTC56D005_Firmware_New Zealand_Telecom NZ_Jelly Bean 4.3_EMUI 1.6_05012EAW.zip
2016-11-26 12:28 - 2016-11-26 12:28 - 00000000 ____D C:\WINDOWS\system32\ŔĆ_‘1
2016-11-26 12:28 - 2016-11-26 12:28 - 00000000 ____D C:\WINDOWS\system32\€ąg‘1
2016-11-26 11:34 - 2016-11-26 11:34 - 00000000 ____D C:\WINDOWS\system32\P®
2016-11-26 11:34 - 2016-11-26 11:34 - 00000000 ____D C:\WINDOWS\system32\f207f0aabc56947f60..bin
2016-11-26 11:34 - 2016-11-26 11:34 - 00000000 ____D C:\WINDOWS\system32\°Ç7_ƒ
2016-11-26 11:07 - 2016-11-26 11:07 - 00000000 ____D C:\WINDOWS\system32\m32
2016-11-26 11:07 - 2016-11-26 11:07 - 00000000 ____D C:\WINDOWS\Panther
2016-11-24 16:09 - 2016-11-24 16:09 - 00001153 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-11-24 16:09 - 2016-11-24 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-11-24 16:09 - 2016-11-24 16:09 - 00000000 ____D C:\Program Files\Oracle
2016-11-24 16:09 - 2016-11-21 17:45 - 00933088 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2016-11-24 16:09 - 2016-11-21 17:44 - 00150280 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-11-24 16:06 - 2016-11-24 16:06 - 123014112 _____ (Oracle Corporation) C:\Users\nimrod\Downloads\VirtualBox-5.1.10-112026-Win.exe
2016-11-21 21:46 - 2016-11-21 21:46 - 06088357 _____ C:\Users\nimrod\Downloads\Facebook video 892530040879776.mp4
2016-11-21 19:14 - 2016-11-21 19:14 - 01442329 _____ C:\Users\nimrod\Downloads\i mu��i cht��j�� m��t sv�� dny.mp4
2016-11-21 19:14 - 2016-11-21 19:14 - 01442329 _____ C:\Users\nimrod\Downloads\i mu��i cht��j�� m��t sv�� dny (1).mp4
2016-11-21 18:49 - 2016-11-21 18:49 - 00000164 _____ C:\Users\nimrod\Documents\strong_password_example.txt
2016-11-21 17:44 - 2016-11-21 17:44 - 00206416 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2016-11-21 17:44 - 2016-11-21 17:44 - 00132120 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2016-11-21 10:52 - 2016-11-25 23:52 - 00049220 _____ C:\Users\nimrod\Documents\Chatbot Andrea.pptx
2016-11-20 19:34 - 2016-11-20 19:49 - 00000000 ____D C:\Users\nimrod\Documents\Vlastní šablony Office
2016-11-20 18:25 - 2016-11-20 18:25 - 02076629 _____ C:\Users\nimrod\Downloads\Ubuntu_Fonts.zip
2016-11-20 18:25 - 2016-11-20 18:25 - 00000000 ____D C:\Users\nimrod\Downloads\Ubuntu_Fonts
2016-11-19 20:39 - 2016-11-19 20:39 - 00005079 _____ C:\Users\nimrod\Documents\facebook_chatbot_kecalek.txt
2016-11-19 14:31 - 2016-11-19 14:31 - 00000000 ____D C:\ProgramData\Avg_Update_1116sp
2016-11-17 12:05 - 2016-11-17 12:05 - 02283873 _____ C:\Users\nimrod\Downloads\x264vfw_full_43_2694bm_43159_fix.exe
2016-11-17 12:05 - 2016-11-17 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw
2016-11-17 12:05 - 2016-11-17 12:05 - 00000000 ____D C:\Program Files (x86)\x264vfw
2016-11-17 10:05 - 2016-11-17 10:05 - 00000000 ____D C:\WINDOWS\system32\2b9c7dee1e270c..bin
2016-11-17 09:49 - 2016-11-17 09:49 - 08576448 _____ (Piriform Ltd) C:\Users\nimrod\Downloads\ccsetup524.exe
2016-11-16 21:25 - 2016-11-16 21:25 - 06381113 _____ C:\Users\nimrod\Downloads\Nohavica.mp4
2016-11-16 20:39 - 2016-11-16 20:39 - 00000328 _____ C:\Users\nimrod\Desktop\torrent_requiem_for_a_dream_magnetlink.txt
2016-11-16 14:58 - 2016-11-16 14:58 - 00001547 _____ C:\Users\nimrod\Desktop\VirtualDub.lnk
2016-11-16 14:52 - 2016-11-16 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2016-11-16 14:52 - 2016-11-16 14:52 - 00000000 ____D C:\Program Files (x86)\Xvid
2016-11-16 14:52 - 2015-06-21 16:09 - 00713216 _____ C:\WINDOWS\system32\xvidcore.dll
2016-11-16 14:52 - 2015-06-21 16:09 - 00251392 _____ C:\WINDOWS\system32\xvidvfw.dll
2016-11-16 14:52 - 2015-06-21 16:09 - 00171520 _____ C:\WINDOWS\system32\xvid.ax
2016-11-16 14:52 - 2015-06-21 16:09 - 00147968 _____ C:\WINDOWS\SysWOW64\xvid.ax
2016-11-16 14:52 - 2015-06-21 16:08 - 00638976 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2016-11-16 14:52 - 2015-06-21 16:08 - 00235520 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2016-11-16 14:50 - 2016-11-16 14:51 - 11854272 _____ (Xvid Team) C:\Users\nimrod\Downloads\Xvid-1.3.4-20150621.exe
2016-11-15 22:23 - 2016-11-15 22:24 - 00318456 _____ C:\Users\nimrod\Downloads\delogo132.zip
2016-11-15 21:16 - 2016-11-15 21:16 - 00000000 ____D C:\Program Files (x86)\VirtualDub
2016-11-15 21:15 - 2016-11-15 21:15 - 01908225 _____ C:\Users\nimrod\Downloads\VirtualDub-1.10.4.zip
2016-11-15 21:06 - 2016-11-16 09:59 - 00001071 _____ C:\Users\nimrod\Desktop\DVDStyler.lnk
2016-11-15 21:06 - 2016-11-15 21:06 - 00000000 ____D C:\Users\nimrod\.thumb
2016-11-15 21:06 - 2016-11-15 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
2016-11-15 21:06 - 2016-11-15 21:06 - 00000000 ____D C:\Program Files\DVDStyler
2016-11-15 21:03 - 2016-11-15 21:05 - 42062499 _____ (Thüring IT-Consulting ) C:\Users\nimrod\Downloads\DVDStyler-3.0.2-win64.exe
2016-11-15 20:54 - 2016-11-15 20:54 - 00003584 _____ C:\Users\nimrod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-15 20:53 - 2016-11-15 20:53 - 00000000 ____D C:\videodvdmaker
2016-11-15 20:53 - 2016-11-15 20:53 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\Video DVD Maker FREE
2016-11-15 20:50 - 2016-11-15 20:51 - 08404286 _____ C:\Users\nimrod\Downloads\vdm_free.exe
2016-11-15 14:17 - 2016-11-15 21:11 - 00008101 _____ C:\Users\nimrod\Documents\reversi_strategie.txt
2016-11-14 16:09 - 2016-11-14 16:09 - 00000920 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-11-14 16:09 - 2016-11-14 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-11-14 16:01 - 2016-11-14 16:01 - 00000000 ____D C:\Program Files\VideoLAN
2016-11-14 15:53 - 2016-11-14 15:59 - 31717016 _____ C:\Users\nimrod\Downloads\vlc-2.2.4-win64.exe
2016-11-14 15:43 - 2016-11-26 17:25 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\vlc
2016-11-14 15:27 - 2016-11-14 15:58 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-11-14 15:20 - 2016-11-14 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2016-11-14 15:20 - 2016-11-14 15:20 - 00000000 ____D C:\Program Files (x86)\ffdshow
2016-11-14 15:18 - 2016-11-14 15:19 - 02030080 _____ C:\Users\nimrod\Downloads\ffdshow-20041012.exe
2016-11-14 15:08 - 2016-11-14 17:00 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\Subtitle Edit
2016-11-14 15:08 - 2016-11-14 15:08 - 00001368 _____ C:\Users\nimrod\Desktop\Subtitle Edit.lnk
2016-11-14 15:08 - 2016-11-14 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
2016-11-14 15:08 - 2016-11-14 15:08 - 00000000 ____D C:\Program Files (x86)\Subtitle Edit
2016-11-14 15:02 - 2016-11-14 15:02 - 00000000 ____D C:\Users\nimrod\Downloads\SubtitleEdit-3.4.12-Setup
2016-11-14 15:01 - 2016-11-14 15:01 - 05589473 _____ C:\Users\nimrod\Downloads\SubtitleEdit-3.4.12-Setup.zip
2016-11-14 13:50 - 2016-11-14 13:51 - 00000000 ____D C:\Users\nimrod\Documents\Fonts Creation
2016-11-14 13:37 - 2016-11-16 10:56 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\FontForge
2016-11-14 13:36 - 2016-11-14 13:36 - 00001158 _____ C:\Users\Public\Desktop\FontForge.lnk
2016-11-14 13:36 - 2016-11-14 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge
2016-11-14 13:35 - 2016-11-14 13:36 - 00000000 ____D C:\Program Files (x86)\FontForgeBuilds
2016-11-14 13:34 - 2016-11-14 13:35 - 18581814 _____ (FontForgeBuilds ) C:\Users\nimrod\Downloads\FontForge-2016-10-04-Windows.exe
2016-11-14 13:29 - 2016-11-14 13:29 - 00001096 _____ C:\Users\nimrod\Desktop\MidiEditor.lnk
2016-11-14 13:29 - 2016-11-14 13:29 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2016-11-14 13:28 - 2016-11-14 13:28 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MidiEditor
2016-11-14 13:28 - 2016-11-14 13:28 - 00000000 ____D C:\Program Files (x86)\MidiEditor
2016-11-14 13:27 - 2016-11-14 13:27 - 23402545 _____ (Markus Schwenk) C:\Users\nimrod\Downloads\MidiEditor-3.0.0-Setup.exe
2016-11-14 10:41 - 2016-11-14 10:41 - 00000000 ____D C:\Users\nimrod\Documents\SNDTMP
2016-11-12 20:09 - 2016-11-12 20:09 - 01381582 _____ (Igor Pavlov) C:\Users\nimrod\Downloads\7z1604-x64.exe
2016-11-12 20:09 - 2016-11-12 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-11-12 20:09 - 2016-11-12 20:09 - 00000000 ____D C:\Program Files\7-Zip
2016-11-12 14:53 - 2016-11-12 14:53 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\Brief
2016-11-12 14:48 - 2016-11-12 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brief
2016-11-12 14:47 - 2016-11-12 14:48 - 00000000 ____D C:\Program Files (x86)\Brief
2016-11-12 14:42 - 2016-11-12 14:43 - 00378368 _____ C:\Users\nimrod\Downloads\brief450.msi
2016-11-12 14:37 - 2016-11-17 13:16 - 00000000 ____D C:\Users\nimrod\Documents\TESTING
2016-11-12 06:16 - 2016-11-12 06:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-11 19:01 - 2016-11-11 19:02 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-11-11 19:01 - 2016-11-11 19:01 - 00000000 ____D C:\Users\nimrod\AppData\Local\Package Cache
2016-11-11 18:58 - 2016-11-11 18:59 - 29269656 _____ (Python Software Foundation) C:\Users\nimrod\Downloads\python-3.5.2.exe
2016-11-10 17:41 - 2001-11-12 16:39 - 00278528 _____ (Metabyte, Inc.) C:\WINDOWS\SysWOW64\openglv3.dll
2016-11-10 17:41 - 2001-11-12 16:36 - 00352256 _____ (Metabyte, Inc.) C:\WINDOWS\SysWOW64\openglv5.dll
2016-11-10 17:38 - 2016-11-10 17:39 - 00164710 _____ C:\Users\nimrod\Desktop\Detail_spojeni_Praha-Podbaba_»_Usti_n.L.hl.n..pdf
2016-11-10 17:02 - 2016-11-10 17:02 - 00000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙8
2016-11-10 00:47 - 2016-11-10 00:47 - 00002041 _____ C:\Users\nimrod\Documents\Programování - termíny úloh.ics
2016-11-09 22:11 - 2016-11-09 22:11 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2016-11-09 22:10 - 2016-11-09 22:11 - 00000000 ____D C:\Program Files (x86)\FFmpeg for Audacity
2016-11-09 22:06 - 2016-11-09 22:11 - 00527423 _____ ( ) C:\Users\nimrod\Downloads\Lame_v3.99.3_for_Windows.exe
2016-11-09 22:06 - 2016-11-09 22:10 - 09957947 _____ ( ) C:\Users\nimrod\Downloads\ffmpeg-win-2.2.2.exe
2016-11-09 22:03 - 2016-11-09 22:03 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-09 22:03 - 2016-11-09 22:03 - 00001084 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-09 22:03 - 2016-11-09 22:03 - 00000000 ____D C:\Users\nimrod\AppData\Local\Audacity
2016-11-09 22:02 - 2016-11-09 22:03 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-11-09 21:51 - 2016-11-09 21:59 - 26496761 _____ (Audacity Team ) C:\Users\nimrod\Downloads\audacity-win-2.1.2.exe
2016-11-09 11:54 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 11:54 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 11:54 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 11:54 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 11:54 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 11:54 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 11:54 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 11:54 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 11:54 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 11:54 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 11:54 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 11:54 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 11:53 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 11:53 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 11:53 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 11:53 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 11:53 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 11:53 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 11:53 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 11:53 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 11:53 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 11:53 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 11:53 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 11:53 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 11:53 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 11:53 - 2016-11-02 11:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2016-11-09 11:53 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 11:53 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 11:53 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 11:53 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 11:53 - 2016-11-02 11:46 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2016-11-09 11:53 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 11:53 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 11:53 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 11:53 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 11:53 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 11:53 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 11:53 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 11:53 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 11:53 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 11:53 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 11:53 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 11:53 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 11:53 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 11:53 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 11:53 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 11:53 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 11:53 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 11:53 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 11:53 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 11:53 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 11:53 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 11:53 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 11:53 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 11:53 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 11:53 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 11:53 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 11:53 - 2016-11-02 11:30 - 04977664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2016-11-09 11:53 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 11:53 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 11:53 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 11:53 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 11:53 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 11:53 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 11:53 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 11:53 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 11:53 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 11:53 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 11:53 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 11:53 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 11:53 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 11:53 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 11:53 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 11:53 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 11:53 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 11:53 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 11:53 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 11:53 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 11:52 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 11:52 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 11:52 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 11:52 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 11:52 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 11:52 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 11:52 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 11:52 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 11:52 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 11:52 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 11:52 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 11:52 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 11:52 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 11:52 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 11:52 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 11:52 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 11:52 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 11:52 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 11:52 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 11:52 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 11:52 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 11:52 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 11:52 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 11:52 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 11:52 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 11:52 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 11:52 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 11:52 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 11:52 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 11:45 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 11:45 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 11:45 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 11:45 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 11:45 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 11:45 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 11:45 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 11:45 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 11:45 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 11:45 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 11:45 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 11:45 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 11:45 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 11:45 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 11:45 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 11:45 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 11:45 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 11:45 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 11:45 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 11:45 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 11:45 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 11:45 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 11:45 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 11:45 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 11:45 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 11:45 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 11:45 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 11:45 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 11:45 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 11:45 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 11:45 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 11:45 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 11:45 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 11:44 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 11:44 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 11:44 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 11:44 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 11:44 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 11:44 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 11:44 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 11:44 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 11:44 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 11:44 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 11:44 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 11:44 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 11:44 - 2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 11:44 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 11:44 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 11:44 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 11:44 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 11:44 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 11:44 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 11:44 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 11:44 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 11:44 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 11:44 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 11:44 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 11:44 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 11:44 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 11:44 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 11:44 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 11:44 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 11:44 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 11:44 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 11:44 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 11:44 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 11:44 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 11:44 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 11:44 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 11:44 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 11:44 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 11:44 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 11:44 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 11:44 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 11:44 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 11:44 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 11:44 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 11:44 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 11:44 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 11:44 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 11:44 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 11:43 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 11:43 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 11:43 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 11:43 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 11:43 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 11:43 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 11:43 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 11:43 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 11:43 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 11:43 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 11:43 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 11:43 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 11:43 - 2016-11-02 11:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-11-09 11:43 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 11:43 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 11:43 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 11:43 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 11:43 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 11:43 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 11:43 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 11:43 - 2016-11-02 11:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-11-09 11:43 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 11:43 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 11:43 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 11:43 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 11:43 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 11:43 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 11:43 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 11:43 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 11:43 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 11:43 - 2016-11-02 11:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 11:43 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 11:43 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 11:43 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 11:43 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 11:43 - 2016-11-02 11:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 11:43 - 2016-11-02 11:19 - 06582784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-11-09 11:43 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 11:43 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 11:43 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 11:43 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 11:43 - 2016-11-02 11:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 11:43 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 11:43 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 11:43 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 11:43 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 11:43 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 11:43 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 11:43 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 11:42 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 11:42 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 11:42 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 11:42 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 11:42 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 11:42 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 11:42 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 11:42 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 11:42 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 11:42 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 11:42 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 11:42 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 11:42 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 11:42 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 11:42 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 11:42 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 11:42 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 11:42 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 11:42 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 11:42 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 11:42 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 11:42 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 11:42 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-09 11:41 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-08 14:06 - 2016-11-08 14:06 - 00051096 _____ C:\Users\nimrod\Downloads\dmahw05.pdf
2016-11-08 14:03 - 2016-11-08 14:03 - 00054106 _____ C:\Users\nimrod\Downloads\dmahw04.pdf
2016-11-08 13:57 - 2016-11-08 13:57 - 00001038 _____ C:\Users\nimrod\Desktop\GtkRadiant.lnk
2016-11-08 13:49 - 2016-11-08 13:50 - 00000000 ____D C:\Games
2016-11-08 13:46 - 2016-11-08 13:46 - 00000000 ____D C:\GameDev
2016-11-08 13:42 - 2016-11-08 13:45 - 81639708 _____ C:\Users\nimrod\Downloads\GtkRadiant-1.6.5-20160813.zip
2016-11-08 09:44 - 2016-11-08 09:47 - 100465664 _____ (SplitCam Co.) C:\Users\nimrod\Downloads\SplitCamSetup.exe
2016-11-07 23:49 - 2016-11-07 23:49 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-11-07 23:49 - 2016-11-07 23:49 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-11-07 23:49 - 2016-11-07 23:49 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-11-07 23:49 - 2016-11-07 23:49 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-11-07 18:08 - 2016-11-07 18:08 - 00000000 ____D C:\Users\nimrod\AppData\Local\CEF
2016-11-07 18:07 - 2016-11-11 13:04 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\obs-studio
2016-11-07 18:01 - 2016-11-07 18:01 - 00001283 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-11-07 18:01 - 2016-11-07 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-11-07 18:00 - 2016-11-07 18:00 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-11-07 17:39 - 2016-11-07 18:00 - 99207752 _____ (obsproject.com) C:\Users\nimrod\Downloads\OBS-Studio-0.16.4-Full-Installer.exe
2016-11-06 15:38 - 2016-11-14 10:38 - 00000083 _____ C:\Users\nimrod\AppData\Roaming\hexplorer.dat
2016-11-06 15:38 - 2016-11-14 10:38 - 00000004 _____ C:\Users\nimrod\AppData\Roaming\mclip.dat
2016-11-06 15:35 - 2016-11-06 15:35 - 00001079 _____ C:\Users\Public\Desktop\Hexplorer.lnk
2016-11-06 15:35 - 2016-11-06 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hexplorer
2016-11-06 15:35 - 2016-11-06 15:35 - 00000000 ____D C:\Program Files (x86)\hexplorer
2016-11-06 15:34 - 2016-11-06 15:34 - 00490249 _____ C:\Users\nimrod\Downloads\hex_setup26.exe
2016-11-01 19:14 - 2016-11-01 19:14 - 00000218 _____ C:\Users\nimrod\AppData\Local\recently-used.xbel
2016-11-01 18:41 - 2016-11-10 09:07 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\inkscape
2016-11-01 18:35 - 2016-11-01 18:35 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2016-11-01 18:34 - 2016-11-01 18:34 - 00001084 _____ C:\Users\Public\Desktop\Inkscape.lnk
2016-11-01 18:27 - 2016-11-01 18:36 - 00000000 ____D C:\Program Files (x86)\Inkscape
2016-11-01 12:14 - 2016-11-01 12:14 - 00000000 ____D C:\Users\nimrod\Desktop\Disk Google - aplikace
2016-11-01 08:51 - 2016-11-28 19:11 - 00000000 ___RD C:\Users\nimrod\Disk Google
2016-11-01 08:49 - 2016-11-01 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-10-31 17:28 - 2016-11-23 13:00 - 00001456 _____ C:\Users\nimrod\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-10-31 17:24 - 2016-10-31 17:39 - 00000000 ____D C:\Users\nimrod\AppData\Local\Adobe
2016-10-31 17:24 - 2016-10-31 17:24 - 00000000 ____D C:\Users\nimrod\AppData\LocalLow\Adobe
2016-10-31 17:23 - 2016-10-31 17:23 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-10-31 17:23 - 2016-10-31 17:23 - 00000000 ____D C:\ProgramData\Adobe
2016-10-31 16:51 - 2016-10-31 16:51 - 00001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit.lnk
2016-10-31 16:51 - 2016-10-31 16:51 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\Poedit
2016-10-31 16:51 - 2016-10-31 16:51 - 00000000 ____D C:\Program Files (x86)\Poedit
2016-10-31 06:06 - 2016-10-31 06:06 - 00000000 ____D C:\WINDOWS\system32\0
2016-10-30 20:53 - 2016-11-12 20:15 - 00000000 ____D C:\Users\nimrod\Documents\Diskrétní matematika
2016-10-30 11:18 - 2016-11-17 08:59 - 00001027 _____ C:\Users\nimrod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-10-30 11:18 - 2016-11-01 12:13 - 00001097 _____ C:\Users\nimrod\Desktop\Start Tor Browser.lnk
2016-10-30 11:17 - 2016-10-30 11:18 - 00000000 ____D C:\Program Files\Tor Browser
2016-10-30 11:14 - 2016-10-30 11:25 - 00000000 ____D C:\ONION
2016-10-30 09:17 - 2016-10-30 09:17 - 00001885 _____ C:\Users\nimrod\Desktop\Adobe Photoshop CS5.lnk
2016-10-30 09:14 - 2016-10-30 09:16 - 00000000 ____D C:\Program Files (x86)\Adobe Photoshop
2016-10-29 16:13 - 2016-10-29 16:13 - 09047375 _____ C:\Users\nimrod\Downloads\wordpress-4.6.1-cs_CZ.zip
2016-10-29 16:13 - 2016-10-29 16:13 - 00000000 ____D C:\Users\nimrod\Downloads\wordpress-4.6.1-cs_CZ
2016-10-29 13:29 - 2016-10-29 13:29 - 00611553 _____ C:\Users\nimrod\Downloads\PD_with_Noise.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-28 19:15 - 2016-10-17 07:27 - 00000000 ___RD C:\Users\nimrod\Dropbox
2016-11-28 19:11 - 2016-03-06 12:21 - 00000482 _____ C:\WINDOWS\Tasks\AVG Driver Updater Startup.job
2016-11-28 19:10 - 2016-03-06 12:21 - 00025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2016-11-28 19:09 - 2016-09-30 06:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-28 19:08 - 2016-09-30 05:25 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-11-28 19:08 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-28 19:05 - 2016-09-30 05:31 - 00000000 ____D C:\Users\nimrod
2016-11-28 18:53 - 2016-09-30 05:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-28 18:44 - 2016-01-17 12:41 - 00000000 ____D C:\ProgramData\MFAData
2016-11-28 18:37 - 2016-01-17 11:38 - 00000000 ____D C:\Users\nimrod\AppData\Local\SweetLabs App Platform
2016-11-28 18:18 - 2016-09-30 06:37 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2016-11-27 10:12 - 2016-07-16 07:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2016-11-26 17:45 - 2016-02-18 21:33 - 00000000 ____D C:\Users\nimrod\AppData\LocalLow\Adblock Plus for IE
2016-11-26 17:39 - 2016-10-08 08:05 - 00000000 ____D C:\Users\nimrod\.VirtualBox
2016-11-26 11:25 - 2016-04-15 21:18 - 00001013 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-11-26 11:06 - 2016-09-30 05:22 - 00381632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-25 23:58 - 2016-09-29 14:41 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\Audacity
2016-11-25 13:45 - 2016-07-01 06:41 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2016-11-24 16:10 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-24 16:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-23 16:14 - 2016-10-06 17:29 - 00000000 ____D C:\Users\nimrod\Documents\Proceduální programování
2016-11-23 12:48 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-22 13:49 - 2016-01-17 11:39 - 00000000 ____D C:\Users\nimrod\AppData\Local\Packages
2016-11-19 16:12 - 2016-10-12 13:30 - 00000000 ____D C:\Users\nimrod\Documents\Lineární algebra
2016-11-17 09:50 - 2016-02-11 19:09 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-17 09:04 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-11-13 13:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-12 06:16 - 2016-10-17 07:19 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-11 19:01 - 2014-07-25 22:21 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-10 17:52 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-10 17:02 - 2016-10-17 07:19 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-10 17:02 - 2016-10-17 07:19 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-10 09:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-10 09:05 - 2016-10-17 07:19 - 00003982 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-10 09:05 - 2016-10-17 07:19 - 00003750 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-10 08:55 - 2015-03-27 09:40 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 01:14 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 01:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 01:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 01:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 01:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 01:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 22:58 - 2016-10-20 16:57 - 00000000 ____D C:\Users\nimrod\Downloads\RPH
2016-11-09 22:57 - 2016-10-13 19:02 - 00000000 ____D C:\Users\nimrod\Documents\Řešení problémů a hry
2016-11-09 16:36 - 2016-07-01 06:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-11-09 16:25 - 2013-08-22 14:25 - 00000199 _____ C:\WINDOWS\win.ini
2016-11-09 16:23 - 2016-01-18 16:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 16:12 - 2016-01-18 16:12 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 11:23 - 2016-10-12 20:32 - 00000000 ____D C:\Users\nimrod\Downloads\PRP
2016-11-08 00:49 - 2016-10-17 19:40 - 00000000 ____D C:\Users\nimrod\Documents\Soubory aplikace Outlook
2016-11-03 16:49 - 2016-09-30 05:30 - 01806680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-03 16:49 - 2016-07-16 23:25 - 00598822 _____ C:\WINDOWS\system32\perfh005.dat
2016-11-03 16:49 - 2016-07-16 23:25 - 00142000 _____ C:\WINDOWS\system32\perfc005.dat
2016-11-02 14:29 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-01 08:49 - 2016-08-23 15:26 - 00000000 ____D C:\Users\nimrod\AppData\Local\Google
2016-11-01 08:49 - 2016-08-23 15:26 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-31 19:00 - 2016-10-26 22:50 - 00000000 ____D C:\WWW
2016-10-31 17:28 - 2016-01-17 11:39 - 00000000 ____D C:\Users\nimrod\AppData\Roaming\Adobe
2016-10-30 09:13 - 2016-10-25 23:11 - 00000000 ____D C:\DOSBOX
2016-10-29 00:56 - 2016-07-16 12:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-29 00:56 - 2016-07-16 12:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-11-06 15:38 - 2016-11-14 10:38 - 0000083 _____ () C:\Users\nimrod\AppData\Roaming\hexplorer.dat
2016-11-06 15:38 - 2016-11-14 10:38 - 0000004 _____ () C:\Users\nimrod\AppData\Roaming\mclip.dat
2016-10-31 17:28 - 2016-11-23 13:00 - 0001456 _____ () C:\Users\nimrod\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-11-15 20:54 - 2016-11-15 20:54 - 0003584 _____ () C:\Users\nimrod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-01 19:14 - 2016-11-01 19:14 - 0000218 _____ () C:\Users\nimrod\AppData\Local\recently-used.xbel
2016-10-09 10:30 - 2016-10-09 10:30 - 0000140 _____ () C:\Users\nimrod\AppData\Local\TempDiskpartScript.txt
2016-09-30 05:24 - 2016-09-30 05:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\nimrod\AppData\Local\Temp\libeay32.dll
C:\Users\nimrod\AppData\Local\Temp\msvcr120.dll
C:\Users\nimrod\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-27 10:38

==================== End of FRST.txt ============================

OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
SearchScopes: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001 -> DefaultScope {9DBF876A-CCD0-4F16-AAAD-E781B29531D8} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [394752 2015-07-15] (Apple Inc.) [File not signed]
C:\WINDOWS\system32\đĹź8Ç
C:\WINDOWS\system32\`Ę×±Ç
C:\WINDOWS\system32\ Ëç+ž
C:\WINDOWS\system32\Ç_Ć…
C:\WINDOWS\system32\ĐÄŹŢh
C:\WINDOWS\system32\đŻĎ,µ
C:\WINDOWS\system32\ŕÄÇ,µ
C:\WINDOWS\system32\¸˙,µ
C:\WINDOWS\system32\ŕ­‡l
C:\WINDOWS\system32\ Äżl
C:\WINDOWS\system32\ĆO„C
C:\WINDOWS\system32\Ŕ­÷úY
C:\WINDOWS\system32\0®ď Ë
C:\WINDOWS\system32\ĐÇď Ë
C:\WINDOWS\system32\°ĆÇ}Ą
C:\WINDOWS\system32\°°Gń
C:\WINDOWS\system32\PĘGń
C:\WINDOWS\system32\şoń
C:\WINDOWS\system32\°Şďó©
C:\WINDOWS\system32\đ·
C:\WINDOWS\system32\ Ç÷ó©
C:\WINDOWS\system32\ŔĹWyl
C:\WINDOWS\system32\Đ
C:\WINDOWS\system32\560b2b9c7dee1e270c..bin
C:\WINDOWS\system32\°­Oyl
C:\WINDOWS\system32\pË
C:\WINDOWS\system32\ŔĆ_‘1
C:\WINDOWS\system32\€ąg‘1
C:\WINDOWS\system32\P®
C:\WINDOWS\system32\f207f0aabc56947f60..bin
C:\WINDOWS\system32\°Ç7_ƒ
C:\WINDOWS\system32\˙˙˙˙˙˙˙˙8
C:\WINDOWS\system32\ApnDatabase.xml
C:\Users\nimrod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\DP45977C.lfl
C:\Users\nimrod\AppData\Local\Temp

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Počítač se restartoval pro dokončení. PowerShell okno stále přetrvává, Google Disk spadl s Traceback chybou (viz příloha).
Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by nimrod (28-11-2016 20:40:16) Run:1
Running from C:\Users\nimrod\Desktop
Loaded Profiles: nimrod (Available Profiles: nimrod)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
SearchScopes: HKU\S-1-5-21-3945679144-2704933019-1037968180-1001 -> DefaultScope {9DBF876A-CCD0-4F16-AAAD-E781B29531D8} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [394752 2015-07-15] (Apple Inc.) [File not signed]
C:\WINDOWS\system32\đĹź8Ç
C:\WINDOWS\system32\`Ę×±Ç
C:\WINDOWS\system32\ Ëç+ž
C:\WINDOWS\system32\Ç_Ć…
C:\WINDOWS\system32\ĐÄŹŢh
C:\WINDOWS\system32\đŻĎ,µ
C:\WINDOWS\system32\ŕÄÇ,µ
C:\WINDOWS\system32\¸˙,µ
C:\WINDOWS\system32\ŕ­‡l
C:\WINDOWS\system32\ Äżl
C:\WINDOWS\system32\ĆO„C
C:\WINDOWS\system32\Ŕ­÷úY
C:\WINDOWS\system32\0®ď Ë
C:\WINDOWS\system32\ĐÇď Ë
C:\WINDOWS\system32\°ĆÇ}Ą
C:\WINDOWS\system32\°°Gń
C:\WINDOWS\system32\PĘGń
C:\WINDOWS\system32\şoń
C:\WINDOWS\system32\°Şďó©
C:\WINDOWS\system32\đ·
C:\WINDOWS\system32\ Ç÷ó©
C:\WINDOWS\system32\ŔĹWyl
C:\WINDOWS\system32\Đ
C:\WINDOWS\system32\560b2b9c7dee1e270c..bin
C:\WINDOWS\system32\°­Oyl
C:\WINDOWS\system32\pË
C:\WINDOWS\system32\ŔĆ_‘1
C:\WINDOWS\system32\€ąg‘1
C:\WINDOWS\system32\P®
C:\WINDOWS\system32\f207f0aabc56947f60..bin
C:\WINDOWS\system32\°Ç7_ƒ
C:\WINDOWS\system32\˙˙˙˙˙˙˙˙8
C:\WINDOWS\system32\ApnDatabase.xml
C:\Users\nimrod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\DP45977C.lfl
C:\Users\nimrod\AppData\Local\Temp

EmptyTemp:
End
*****************

HKU\S-1-5-21-3945679144-2704933019-1037968180-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
Bonjour Service => Unable to stop service.
Bonjour Service => service removed successfully
C:\WINDOWS\system32\đĹź8Ç => moved successfully
C:\WINDOWS\system32\`Ę×±Ç => moved successfully
"C:\WINDOWS\system32\ Ëç+ž" => not found.
C:\WINDOWS\system32\Ç_Ć… => moved successfully
C:\WINDOWS\system32\ĐÄŹŢh => moved successfully
C:\WINDOWS\system32\đŻĎ,µ => moved successfully
C:\WINDOWS\system32\ŕÄÇ,µ => moved successfully
C:\WINDOWS\system32\¸˙,µ => moved successfully
C:\WINDOWS\system32\ŕ­‡l => moved successfully
C:\WINDOWS\system32\ Äżl => moved successfully
C:\WINDOWS\system32\ĆO„C => moved successfully
C:\WINDOWS\system32\Ŕ­÷úY => moved successfully
C:\WINDOWS\system32\0®ď Ë => moved successfully
C:\WINDOWS\system32\ĐÇď Ë => moved successfully
C:\WINDOWS\system32\°ĆÇ}Ą => moved successfully
C:\WINDOWS\system32\°°Gń => moved successfully
C:\WINDOWS\system32\PĘGń => moved successfully
C:\WINDOWS\system32\şoń => moved successfully
C:\WINDOWS\system32\°Şďó© => moved successfully
C:\WINDOWS\system32\đ· => moved successfully
C:\WINDOWS\system32\ Ç÷ó© => moved successfully
C:\WINDOWS\system32\ŔĹWyl => moved successfully
C:\WINDOWS\system32\Đ => moved successfully
C:\WINDOWS\system32\560b2b9c7dee1e270c..bin => moved successfully
C:\WINDOWS\system32\°­Oyl => moved successfully
C:\WINDOWS\system32\pË => moved successfully
C:\WINDOWS\system32\ŔĆ_‘1 => moved successfully
C:\WINDOWS\system32\€ąg‘1 => moved successfully
C:\WINDOWS\system32\P® => moved successfully
C:\WINDOWS\system32\f207f0aabc56947f60..bin => moved successfully
C:\WINDOWS\system32\°Ç7_ƒ => moved successfully
C:\WINDOWS\system32\˙˙˙˙˙˙˙˙8 => moved successfully
C:\WINDOWS\system32\ApnDatabase.xml => moved successfully
C:\Users\nimrod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\nimrod\AppData\Local\Temp" folder move:

Could not move "C:\Users\nimrod\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 141926224 B
Java, Flash, Steam htmlcache => 1544 B
Windows/system/drivers => 12747567 B
Edge => 257938542 B
Chrome => 5557120 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7680 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3266 B
NetworkService => 0 B
nimrod => 263186755 B

RecycleBin => 0 B
EmptyTemp: => 649.8 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-11-2016 20:43:23)

C:\Users\nimrod\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:43:26 ====

Ještě udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Vypadá to, že sken MBAM asi nechám na zítra na odpoledne (spíš navečír). Zítra ráno musím do školy na přednášky a cvika. Jde pozastavit test, že na něj lze navázat po restartu počítače (že ho vypnu a zítra znovu zapnu)? Jde mi o to, aby nebyl počítač přes noc v režimu spánku, což žere baterii víc, než když je vypnutý. Na disku mám totiž ISO zálohy DVD s filmy, které mají běžně kolem 4,5 GB a ještě virtuální počítač s nainstalovaným Linux Ubuntu 64bit, který používám pro programovací úlohy do školy, plus ještě nějaké ulitity a programy, které používám třeba na úpravu obrázků a fotek doma, nebo třeba na občasné stahování filmů. Disk má tak takřka půlku kapacity zaplněnou, z celého 1 TB.

Pozastavuju sken a dávám počítač do režimu spánku (snad se povede sken zase rozjet tam, kde jsem to zastavil).

OK.

Teď se to dere přes manifesty Windows, celkový čas (od začátku první dávky skenu) je 9:45 (h:min), celkový počet zkontrolovaných subjektů je kolem 625 000. Zatím jediný nález. Tak uvidíme, jestli to najde další. Zelená lajna je pořád pouze u souborů, k heuristice se zatím ještě nevydala...

Velmi zvláštní. EOS dělal jakej humbuk, co všechno mám v kompu, a MBAM najde jen toto:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 28. 11. 2016
Čas skenování: 22:05
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.11.28.15
Databáze rootkitů: v2016.11.20.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: nimrod

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 901493
Uplynulý čas: 25 hod, 43 min, 47 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\drivers\SWDUMon.sys, , [4c2d24eb13f611ac742809a2aaa25be1],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)