Prosím o kontrolu logu

[Kurty]

Prosím o preventivní kontrolu logu. Nic zásadního sice nepozoruji, ale člověk nikdy neví. Při preventivním čištění ADWCleanerem se mi např. opakovaně objevuje:
[C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: slunecnice.cz

Log zde:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kurty at 2017-02-09 14:03:43
Microsoft Windows 10 Pro
System drive C: has 43 GB (38%) free of 114 GB
Total RAM: 8116 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:03:44, on 09.02.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\trend micro\Kurty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: GV LicenseManager.lnk = C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} (Launch Control) - file:///E:/launch.ocx
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Grass Valley Download Agent Service (GVDownloadAgentService) - Grass Valley K.K. - C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe
O23 - Service: @oem98.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: This service enables products that use the Nalpeiron Licensing System. (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9426 bytes

======Listing Processes======







winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4d847483-26dd-492d-ae9c-59b33caa0e37 -SystemEventPortName:HostProcess-66f1e310-9dec-4204-beef-67d7b9bb14b1 -IoCancelEventPortName:HostProcess-4d539629-8868-464a-8d71-751bdc73fee8 -NonStateChangingEventPortName:HostProcess-1ece4130-45cd-44ce-9dcb-df482ca95c99 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:51300ff8-889c-4c81-b1d3-63296e99ba4b -DeviceGroupId:WudfDefaultDevicePool

C:\WINDOWS\system32\igfxCUIService.exe
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session -first
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe"
C:\WINDOWS\system32\ibtsiva
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
C:\Windows\SysWOW64\nlssrv32.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"

C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7add48ed-0075-4232-a2e4-9159a440ad06 -SystemEventPortName:HostProcess-335141be-e22b-489d-9651-3848b8660565 -IoCancelEventPortName:HostProcess-2534f6a2-e028-498c-a89b-deaf8dabbaf7 -NonStateChangingEventPortName:HostProcess-fc834e59-d40d-46a5-98c6-0eb50284c72d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7c781950-553e-41cb-84a1-c01ab08048c2 -DeviceGroupId:WpdFsGroup
dashost.exe {b2837356-b6ce-448b-988930308e7af045}
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe" --xmlFilePath="C:\Users\pavel\AppData\Local\Temp\adobegc_a02424" --workflowInitiator=CSUpdater --xmlFilePath2="C:\Users\Public\Documents\AdobeGC\adobegc_a02424"
"C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe"
"C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe"
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\AdwCleaner\AdwCleaner[C12].txt
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\pavel\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=56.0.2924.87 --initial-client-data=0x1d4,0x1d8,0x1dc,0x1d0,0x1e0,0x7ff9406c1160,0x7ff9406c1140,0x7ff9406c1118
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4464 --on-initialized-event-handle=596 --parent-handle=604 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,NegotiateTLS13<TLS13Negotiation,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DisableFirstRunAutoImport<DisableFirstRunAutoImport,DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/LanguageInstall/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Control/DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Default/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledOnDisk/PluginPowerSaverTiny/Enabled2/*QUIC/TcpLowatOctober/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/StrictSecureCookies/Enabled/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Enabled/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_77/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,19,23,40,59,71 --gpu-vendor-id=0x8086 --gpu-device-id=0x0416 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4531 --gpu-driver-date=9-29-2016 --gpu-secondary-vendor-ids=0x10de --gpu-secondary-device-ids=0x0fe3 --service-request-channel-token=75DCDC579778C31B22391186C0A7CF12 --mojo-platform-channel-handle=1296 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,NegotiateTLS13<TLS13Negotiation,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DisableFirstRunAutoImport<DisableFirstRunAutoImport,DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/LanguageInstall/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Control/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Default/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledOnDisk/PluginPowerSaverTiny/Enabled2/*QUIC/TcpLowatOctober/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Enabled/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_77/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --primordial-pipe-token=FA939151FF4E0B841C1B6ACDBF6C3CFC --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=FA939151FF4E0B841C1B6ACDBF6C3CFC --renderer-client-id=4 --mojo-platform-channel-handle=2880 /prefetch:1
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,NegotiateTLS13<TLS13Negotiation,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DisableFirstRunAutoImport<DisableFirstRunAutoImport,DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/LanguageInstall/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Control/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Default/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledOnDisk/PluginPowerSaverTiny/Enabled2/*QUIC/TcpLowatOctober/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Enabled/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_77/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsInterventionV2/Default/ --primordial-pipe-token=A82453BE1527A9B12B2F656F44FE3E05 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=A82453BE1527A9B12B2F656F44FE3E05 --renderer-client-id=13 --mojo-platform-channel-handle=5084 /prefetch:1
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe" -ServerName:RemindersServer

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe" -ServerName:ActionUriServer
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 644 648 656 8192 652
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\pavel\Desktop\RSITx64.exe"
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK

=========Mozilla firefox=========

ProfilePath - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.111.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll


C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default\extensions\
artur.dubovoy@gmail.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-23 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [2016-11-16 1524528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-23 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-08-04 1795912]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01 508128]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GV LicenseManager.lnk - C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe

C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.pDAD"=prodad-codec.dll
"vidc.CDV5"=cdv5codc.dll
"vidc.CLLC"=cllccodc.dll
"vidc.CUVC"=cuvccodc.dll
"vidc.CDVC"=cdvccodc.dll
"vidc.CDVH"=cdvhcodc.dll
"vidc.CMIC"=cmiccodc.dll
"vidc.CHQX"=chqxcodc.dll
"vidc.C210"=c210codc.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-09 14:03:43 ----D---- C:\rsit
2017-02-09 14:03:43 ----D---- C:\Program Files\trend micro
2017-02-02 16:39:35 ----D---- C:\WINDOWS\LastGood.Tmp
2017-01-30 17:57:47 ----D---- C:\Users\pavel\AppData\Roaming\Nero
2017-01-25 16:10:33 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2017-01-25 16:10:33 ----A---- C:\WINDOWS\system32\poqexec.exe
2017-01-11 17:26:56 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:26:55 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:26:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2017-01-11 17:26:54 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:26:54 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:26:54 ----A---- C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:26:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:26:53 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2017-01-11 17:26:53 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2017-01-11 17:26:53 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2017-01-11 17:26:53 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:26:53 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:26:53 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:26:53 ----A---- C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:26:52 ----A---- C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:26:51 ----A---- C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:26:51 ----A---- C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:26:50 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-01-11 17:26:50 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2017-01-11 17:26:50 ----A---- C:\WINDOWS\system32\shell32.dll
2017-01-11 17:26:49 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2017-01-11 17:26:48 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\SYSWOW64\cryptui.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\system32\wow64.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:26:48 ----A---- C:\WINDOWS\system32\certprop.dll
2017-01-11 17:26:47 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:26:47 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2017-01-11 17:26:47 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2017-01-11 17:26:47 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2017-01-11 17:26:47 ----A---- C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:26:46 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-01-11 17:26:46 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2017-01-11 17:26:45 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2017-01-11 17:26:45 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-01-11 17:26:45 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:26:44 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-01-11 17:26:44 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:26:44 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:26:43 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2017-01-11 17:26:43 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2017-01-11 17:26:43 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:26:43 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:26:42 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2017-01-11 17:26:42 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:26:42 ----A---- C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:26:42 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:26:42 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:26:41 ----A---- C:\WINDOWS\system32\winmde.dll
2017-01-11 17:26:41 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:26:41 ----A---- C:\WINDOWS\system32\twinui.dll
2017-01-11 17:26:41 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:26:41 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:26:40 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:26:39 ----A---- C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:26:38 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:26:38 ----A---- C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 17:26:38 ----A---- C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 17:26:38 ----A---- C:\WINDOWS\system32\AppVClient.exe
2017-01-11 17:26:37 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\usocore.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 17:26:37 ----A---- C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\SYSWOW64\SyncSettings.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2017-01-11 17:26:36 ----A---- C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 17:26:36 ----A---- C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 17:26:36 ----A---- C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 17:26:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2017-01-11 17:26:35 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2017-01-11 17:26:35 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2017-01-11 17:26:35 ----A---- C:\WINDOWS\SYSWOW64\CloudBackupSettings.dll
2017-01-11 17:26:35 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:26:35 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:26:35 ----A---- C:\WINDOWS\system32\win32k.sys
2017-01-11 17:26:35 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:26:35 ----A---- C:\WINDOWS\system32\SRH.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\audiosrv.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:26:34 ----A---- C:\WINDOWS\system32\aclui.dll
2017-01-11 17:26:33 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2017-01-11 17:26:33 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2017-01-11 17:26:33 ----A---- C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:26:33 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:26:33 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:26:33 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:26:33 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:26:33 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:26:32 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\SYSWOW64\mfnetcore.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:26:32 ----A---- C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:26:31 ----A---- C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:26:31 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:26:31 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2017-01-11 17:26:27 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:26:26 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-01-11 17:26:26 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:26:25 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2017-01-11 17:26:25 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2017-01-11 17:26:25 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2017-01-11 17:26:25 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2017-01-11 17:26:25 ----A---- C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:26:23 ----A---- C:\WINDOWS\SYSWOW64\AppVEntSubsystems32.dll
2017-01-11 17:26:23 ----A---- C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:26:23 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:26:22 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2017-01-11 17:26:22 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2017-01-11 17:26:22 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-01-11 17:26:22 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:26:21 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:26:21 ----A---- C:\WINDOWS\system32\provengine.dll
2017-01-11 17:26:20 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2017-01-11 17:26:20 ----A---- C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:26:20 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 17:26:20 ----A---- C:\WINDOWS\system32\KnobsCore.dll

======List of files/folders modified in the last 1 month======

2017-02-09 14:03:43 ----RD---- C:\Program Files
2017-02-09 14:03:17 ----D---- C:\WINDOWS\Temp
2017-02-09 14:02:19 ----D---- C:\WINDOWS\System32
2017-02-09 14:02:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-09 14:01:28 ----D---- C:\WINDOWS\Prefetch
2017-02-09 14:00:53 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-09 13:59:57 ----AD---- C:\Windows
2017-02-09 13:59:34 ----D---- C:\WINDOWS\system32\sru
2017-02-09 13:59:30 ----D---- C:\AdwCleaner
2017-02-09 13:58:21 ----D---- C:\Users\pavel\AppData\Roaming\XnView
2017-02-09 13:58:20 ----D---- C:\WINDOWS\INF
2017-02-09 13:58:19 ----D---- C:\WINDOWS\debug
2017-02-09 13:18:31 ----D---- C:\WINDOWS\system32\SleepStudy
2017-02-09 07:58:28 ----RSD---- C:\WINDOWS\Fonts
2017-02-09 06:52:01 ----RD---- C:\WINDOWS\Microsoft.NET
2017-02-08 15:39:55 ----D---- C:\Users\pavel\AppData\Roaming\vlc
2017-02-08 07:21:26 ----D---- C:\WINDOWS\SoftwareDistribution
2017-02-08 07:21:10 ----D---- C:\WINDOWS\system32\drivers
2017-02-08 07:17:28 ----SHDC---- C:\WINDOWS\Installer
2017-02-08 07:17:27 ----AD---- C:\Users\pavel\AppData\Roaming\.minecraft
2017-02-08 07:17:12 ----RD---- C:\Program Files (x86)
2017-02-08 07:17:12 ----D---- C:\WINDOWS\system32\Tasks
2017-02-08 07:17:10 ----SHD---- C:\System Volume Information
2017-02-08 07:17:10 ----D---- C:\WINDOWS\system32\catroot2
2017-02-07 18:53:43 ----D---- C:\WINDOWS\system32\config
2017-02-04 07:35:06 ----D---- C:\WINDOWS\AppReadiness
2017-02-02 20:07:06 ----D---- C:\WINDOWS\WinSxS
2017-02-02 16:39:35 ----D---- C:\WINDOWS\system32\DriverStore
2017-02-02 16:39:35 ----D---- C:\WINDOWS\system32\CatRoot
2017-02-02 13:22:31 ----HD---- C:\Program Files\WindowsApps
2017-01-30 18:13:12 ----D---- C:\WINDOWS\system32\LogFiles
2017-01-30 18:00:14 ----D---- C:\Program Files (x86)\Common Files
2017-01-30 18:00:11 ----HD---- C:\ProgramData
2017-01-30 17:58:30 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-01-26 17:06:49 ----AD---- C:\Program Files (x86)\TagScanner
2017-01-25 16:31:46 ----D---- C:\WINDOWS\CbsTemp
2017-01-25 16:31:26 ----AD---- C:\WINDOWS\SysWOW64
2017-01-14 07:48:01 ----D---- C:\WINDOWS\rescache
2017-01-11 17:52:19 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 17:52:19 ----D---- C:\WINDOWS\system32\wbem
2017-01-11 17:52:19 ----D---- C:\WINDOWS\system32\oobe
2017-01-11 17:52:18 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2017-01-11 17:52:18 ----D---- C:\WINDOWS\ShellExperiences
2017-01-11 17:52:18 ----D---- C:\WINDOWS\Provisioning
2017-01-11 17:52:18 ----D---- C:\WINDOWS\PolicyDefinitions
2017-01-11 17:52:18 ----D---- C:\Program Files\Internet Explorer
2017-01-11 17:52:18 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-11 17:34:37 ----D---- C:\ProgramData\Microsoft Help
2017-01-11 17:34:19 ----D---- C:\WINDOWS\system32\MRT
2017-01-11 17:32:56 ----AC---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2015-07-14 251632]
R0 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2016-11-20 84616]
R0 IntelHSWPcc;IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [2015-08-04 88256]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R0 pwdrvio;pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [2013-09-30 19152]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2016-11-20 262792]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2016-11-20 197248]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 32200]
R1 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2016-11-20 208520]
R1 EpfwLWF;@oem14.inf,%EpfwLWF_Desc%;ESET Personal Firewall; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [2016-11-20 61568]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 8192]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 ekbdflt;ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [2016-11-20 153216]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 48128]
R2 npf;NetGroup Packet Filter Driver; \??\C:\WINDOWS\system32\drivers\npf.sys [2015-10-12 36600]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 78336]
R3 ACPIVPC;@oem3.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2015-08-04 42328]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-08-20 84992]
R3 dg_ssudbus;@oem79.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
R3 ibtusb;@oem98.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2016-12-12 230656]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2016-11-01 7966192]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\System32\drivers\L1C63x64.sys [2016-07-16 121344]
R3 MEIx64;@oem77.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2015-09-08 193336]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2016-07-16 3485696]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2015-08-04 11142984]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-08-04 42696]
R3 ssudmdm;@oem56.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
R3 SynTP;@oem26.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2015-08-04 613576]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2016-08-28 15488]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 105824]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 101216]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 58720]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 61792]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 32096]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2016-09-15 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2016-07-16 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2016-07-16 141152]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 9728]
S3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth Stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2016-09-15 168448]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-08-20 114176]
S3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth Hands-Free; C:\WINDOWS\System32\drivers\BthHfAud.sys [2016-07-16 37376]
S3 BthLEEnum;@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-09-15 249856]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2016-10-05 128512]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 38912]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-09-10 118272]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 20480]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 50016]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-08-06 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-07-16 176384]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2016-07-16 526176]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 IntcDAud;@oem88.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-05-12 481768]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 IT9135BDA;IT9135 BDA Devices; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [2016-05-06 188280]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-07-16 842584]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2016-07-16 179040]
S3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2012-11-08 19968]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2016-07-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 pwdspio;pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys [2013-09-30 12504]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2016-07-16 928608]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-07-16 183808]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AdobeUpdateService;AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-10-12 744640]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-01-19 2227312]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CDPUserSvc_4e3d8;CDPUserSvc_4e3d8; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-20 2771848]
R2 GVDownloadAgentService;Grass Valley Download Agent Service; C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe [2016-06-15 68536]
R2 ibtsiva;@oem98.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-11-01 373744]
R2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.; C:\Windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2015-07-23 937800]
R2 OneSyncSvc_4e3d8;Hostitel synchronizace_4e3d8; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-08-04 249032]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2015-08-04 1104176]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 PimIndexMaintenanceSvc_4e3d8;Data kontaktů_4e3d8; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-22 270936]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2016-11-01 301552]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 93184]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-08-04 1369904]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService_4e3d8;Služba zasílání zpráv_4e3d8; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 242864]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-09-15 2889896]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-09-07 1312768]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-07-16 287744]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2016-12-14 822624]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]

-----------------EOF-----------------

[Kodlz]

Ahoj.
-poprosim te pomoci tohoto navodu sem vlozit log (FRST.txt i Addition.txt) z FRST:
http://forum.viry.cz/viewtopic.php?f=30&t=133101

[Kurty]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Kurty (administrator) on DESKTOP-7SROIJE (10-02-2017 10:05:52)
Running from C:\Users\pavel\Desktop
Loaded Profiles: Kurty (Available Profiles: Kurty)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Grass Valley K.K.) C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Grass Valley K.K.) C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\InDesign.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(forum.viry.cz) C:\Users\pavel\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-08-04] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GV LicenseManager.lnk [2016-07-07]
ShortcutTarget: GV LicenseManager.lnk -> C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe (Grass Valley K.K.)
Startup: C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2016-01-23]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2a030543-f6bd-4360-8c51-193cb0560c44}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bebf834c-5b21-4e53-9144-a63a68d68dd9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-396773449-1152362169-3175356385-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://windows.microsoft.com/cs-cz/hotmail/home?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-23] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-23] (Oracle Corporation)
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-396773449-1152362169-3175356385-1001 -> hxxps://www.seznam.cz/

FireFox:
========
FF DefaultProfile: xqldxv2n.default
FF ProfilePath: C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default [2017-02-10]
FF Homepage: Mozilla\Firefox\Profiles\xqldxv2n.default -> hxxps://www.seznam.cz/
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default\Extensions\artur.dubovoy@gmail.com [2017-01-07]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-08]
FF Extension: (Adblock Plus) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-22] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-22] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default [2017-02-10]
CHR Extension: (Prezentace Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-04]
CHR Extension: (Dokumenty Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-04]
CHR Extension: (Disk Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Vyhledávání Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Tabulky Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-08-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\pavel\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-20] (ESET)
R2 GVDownloadAgentService; C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe [68536 2016-06-15] (Grass Valley K.K.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-08-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-08-28] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-20] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [153216 2016-11-20] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [208520 2016-11-20] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [61568 2016-11-20] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [84616 2016-11-20] (ESET)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-08-04] (Intel Corporation)
S3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [188280 2016-05-06] (ITE )
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-10-12] (Riverbed Technology, Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-04] (Synaptics Incorporated)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [648872 2015-09-03] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 10:05 - 2017-02-10 10:06 - 00019010 _____ C:\Users\pavel\Desktop\FRST.txt
2017-02-10 10:05 - 2017-02-10 10:05 - 00000000 ____D C:\FRST
2017-02-10 10:04 - 2017-02-10 10:04 - 00112640 _____ (forum.viry.cz) C:\Users\pavel\Desktop\FRSTLauncher.exe
2017-02-10 10:03 - 2017-02-10 10:03 - 00112640 _____ (forum.viry.cz) C:\Users\pavel\Desktop\Nepotvrzeno 821560.crdownload
2017-02-10 10:02 - 2017-02-10 10:02 - 00112640 _____ (forum.viry.cz) C:\Users\pavel\Desktop\Nepotvrzeno 978795.crdownload
2017-02-10 10:02 - 2017-02-10 10:02 - 00112640 _____ (forum.viry.cz) C:\Users\pavel\Desktop\Nepotvrzeno 515792.crdownload
2017-02-10 10:01 - 2017-02-10 10:04 - 02421248 _____ (Farbar) C:\Users\pavel\Desktop\FRST64.exe
2017-02-10 08:38 - 2017-02-10 09:48 - 00000151 _____ C:\Users\pavel\Desktop\Zbývá.txt
2017-02-10 08:34 - 2017-02-10 08:34 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignce88e3806754e20b
2017-02-10 08:34 - 2017-02-10 08:34 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign9dea0b15c3dce9d0
2017-02-10 08:32 - 2017-02-10 08:32 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign5f72c40c307ebbb4
2017-02-10 08:32 - 2017-02-10 08:32 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign190207d85b1e4273
2017-02-09 18:14 - 2017-02-09 18:14 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigna4f66ad427c19683
2017-02-09 18:14 - 2017-02-09 18:14 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign42e10f032d532678
2017-02-09 15:23 - 2017-02-09 15:23 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign8e2a556ff8e99ae0
2017-02-09 15:22 - 2017-02-09 15:22 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign12b6923b38bb6b8b
2017-02-09 15:08 - 2017-02-09 15:08 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign679e7661cc0ca794
2017-02-09 15:08 - 2017-02-09 15:08 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign422c94e7fcaeb7a0
2017-02-09 14:03 - 2017-02-09 14:03 - 00000000 ____D C:\rsit
2017-02-09 14:03 - 2017-02-09 14:03 - 00000000 ____D C:\Program Files\trend micro
2017-02-09 13:43 - 2017-02-09 13:43 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign1f1474e96e2c6560
2017-02-09 11:31 - 2017-02-09 11:31 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignd3b137a60f5c432c
2017-02-09 11:31 - 2017-02-09 11:31 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign7dd7138107479a0a
2017-02-09 10:28 - 2017-02-09 10:28 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign09bdbc04c3494748
2017-02-09 10:27 - 2017-02-09 10:27 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignc147f6a46082b084
2017-02-09 10:27 - 2017-02-09 10:27 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign400a5c7a6a8ac746
2017-02-09 10:25 - 2017-02-09 10:25 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign3bb14ef69708d1c7
2017-02-09 10:25 - 2017-02-09 10:25 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign3437f36a9ce83327
2017-02-09 10:07 - 2017-02-09 10:07 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign19d76e9f034871b7
2017-02-09 10:06 - 2017-02-09 10:06 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign9a8c6acbc76ad741
2017-02-09 10:06 - 2017-02-09 10:06 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign7a61035bdc5d4280
2017-02-09 10:03 - 2017-02-09 10:03 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign268dcb084baf56cc
2017-02-09 10:03 - 2017-02-09 10:03 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign1a4fceda3ef4ef07
2017-02-09 09:41 - 2017-02-09 09:41 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignff8f277e5c652201
2017-02-09 09:41 - 2017-02-09 09:41 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign08150ebd2fa15f47
2017-02-09 09:33 - 2017-02-09 09:33 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignb9deeb32256b88ea
2017-02-09 09:33 - 2017-02-09 09:33 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign49ccb8c7106c95a3
2017-02-09 09:26 - 2017-02-09 09:26 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign495500d9dc28e8a3
2017-02-09 09:26 - 2017-02-09 09:26 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign048674c3521111fb
2017-02-09 09:22 - 2017-02-09 09:22 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign49b9fe988de9d04d
2017-02-09 09:22 - 2017-02-09 09:22 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign144afffa68d650ec
2017-02-09 09:04 - 2017-02-09 09:04 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignbe4ea09484a64653
2017-02-09 08:41 - 2017-02-09 08:41 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign6fd49edb6d69b1bf
2017-02-09 08:34 - 2017-02-09 08:34 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigneb5deaa4f61c247d
2017-02-09 08:32 - 2017-02-09 08:32 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign5c7d90fb23fffab9
2017-02-09 08:28 - 2017-02-09 08:28 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigncd730e0f3bbefb5a
2017-02-09 08:28 - 2017-02-09 08:28 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign126c5ae86833a3e8
2017-02-09 07:36 - 2017-02-09 07:36 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign873403dfa0c6afd8
2017-02-09 07:36 - 2017-02-09 07:36 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign7a0f8f9d1dd6d27e
2017-02-09 07:36 - 2017-02-09 07:36 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign0cfc0863a59f4e54
2017-02-09 07:19 - 2017-02-09 07:19 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignae82e95a4619ab13
2017-02-09 07:19 - 2017-02-09 07:19 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign8c44a71c14b0a633
2017-02-08 16:43 - 2017-02-08 16:43 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf88fd64295a8cf4f
2017-02-08 16:43 - 2017-02-08 16:43 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign24069808c175efd6
2017-02-08 16:25 - 2017-02-08 16:25 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignb5654d51ff27d7bf
2017-02-08 16:25 - 2017-02-08 16:25 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign3c7971c9bd53512e
2017-02-08 15:46 - 2017-02-08 15:46 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf3a7c2be4a43beec
2017-02-08 15:46 - 2017-02-08 15:46 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignb0c8d9b4402d1b0d
2017-02-08 12:33 - 2017-02-08 12:33 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign3ad7daab0b20b127
2017-02-08 09:07 - 2017-02-08 09:07 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigne2ba137888181a58
2017-02-08 09:07 - 2017-02-08 09:07 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignb14f1c526d2b8178
2017-02-08 09:00 - 2017-02-08 09:00 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf8d2eb1d07231c07
2017-02-08 09:00 - 2017-02-08 09:00 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign97bb3df325e13c54
2017-02-08 07:17 - 2017-02-08 07:17 - 00000000 ____D C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-02-07 18:59 - 2017-02-07 18:59 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign8ffccff223533059
2017-02-07 18:59 - 2017-02-07 18:59 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign37cb52281a9bad1b
2017-02-05 16:20 - 2017-02-05 16:20 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign9e37d3d4f76d523c
2017-02-05 16:20 - 2017-02-05 16:20 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign4f452a5a12a1efd9
2017-02-05 15:16 - 2017-02-05 15:16 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignd6544e599d88a07d
2017-02-05 15:16 - 2017-02-05 15:16 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign3750e9bce4a28c78
2017-02-05 14:08 - 2017-02-05 14:08 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignfcc349773f8b3990
2017-02-05 14:08 - 2017-02-05 14:08 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign38d737232ec01e63
2017-02-05 14:07 - 2017-02-05 14:07 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign81e20a862297c450
2017-02-05 14:07 - 2017-02-05 14:07 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign23ffa023ead70515
2017-02-05 13:24 - 2017-02-05 13:24 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignefe13540eef5b890
2017-02-05 13:24 - 2017-02-05 13:24 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign404e0323cbeabf80
2017-02-05 13:18 - 2017-02-05 13:18 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf508787a534faf14
2017-02-05 13:18 - 2017-02-05 13:18 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign870bbdd81d5341ed
2017-02-05 12:36 - 2017-02-05 12:36 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignba4d2f89e2dec45e
2017-02-05 12:36 - 2017-02-05 12:36 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign7fc16082a5b4a6e8
2017-02-05 12:31 - 2017-02-05 12:31 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigneeae7b9fb882a991
2017-02-05 12:31 - 2017-02-05 12:31 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign418e5e6812941513
2017-02-05 11:19 - 2017-02-05 11:19 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign57c83cf718644d1b
2017-02-05 11:16 - 2017-02-05 11:16 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignef9635a7b418be89
2017-02-05 11:16 - 2017-02-05 11:16 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign7b0032529827cbc1
2017-02-05 11:10 - 2017-02-05 11:10 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign58f838bd5575c688
2017-02-05 10:45 - 2017-02-05 10:45 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign69603542e4c9c0ef
2017-02-05 10:44 - 2017-02-05 10:44 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigne9cc254582d1d87a
2017-02-05 10:44 - 2017-02-05 10:44 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign4dab9f0e1f1d4e28
2017-02-05 10:44 - 2017-02-05 10:44 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign328084e518a67271
2017-02-05 10:29 - 2017-02-05 10:29 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignb270c4592973ed1a
2017-02-05 10:29 - 2017-02-05 10:29 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign208699c2652b0be5
2017-02-05 10:12 - 2017-02-05 10:12 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigne3c924789ca510cb
2017-02-05 10:12 - 2017-02-05 10:12 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignacb26c7120f9db95
2017-02-05 10:08 - 2017-02-05 10:08 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignc9a0b7c73f14d691
2017-02-05 10:08 - 2017-02-05 10:08 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign71e8d3471d66cb3b
2017-02-05 10:00 - 2017-02-05 10:00 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigne4af1ca2dd0e54ce
2017-02-05 10:00 - 2017-02-05 10:00 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigncd3c23c42117f709
2017-02-05 09:58 - 2017-02-05 09:58 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign52d1cd690fc18c71
2017-02-05 09:58 - 2017-02-05 09:58 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign4c042433b65e221c
2017-02-05 08:50 - 2017-02-05 08:50 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignfdcc36c20610fece
2017-02-05 08:12 - 2017-02-05 08:12 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigndafb0909fc744ad1
2017-02-05 08:11 - 2017-02-05 08:11 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign451a8c8cbd92cc83
2017-02-05 08:10 - 2017-02-05 08:10 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf5a872985ea28c6b
2017-02-05 08:10 - 2017-02-05 08:10 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignce52414dcd2d5b18
2017-02-05 08:10 - 2017-02-05 08:10 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign7adc35ab8e58aa34
2017-02-03 13:13 - 2017-02-03 13:13 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignc04360b99bede656
2017-02-03 13:13 - 2017-02-03 13:13 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign744c95d4220aa7c3
2017-02-03 12:45 - 2017-02-03 12:45 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign6d1bd2b597ebb5dc
2017-02-03 12:45 - 2017-02-03 12:45 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign18a89f991330d0dc
2017-02-03 12:39 - 2017-02-03 12:39 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign321d789fa92049e8
2017-02-03 12:39 - 2017-02-03 12:39 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign106b94afcea9bff9
2017-02-03 09:25 - 2017-02-03 09:25 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignbecc7bac9d4e673b
2017-02-03 09:25 - 2017-02-03 09:25 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign57caf86795d04bd0
2017-02-03 09:12 - 2017-02-03 09:12 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf66413620475d5eb
2017-02-03 09:12 - 2017-02-03 09:12 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign732cbc490a23b247
2017-02-03 09:08 - 2017-02-03 09:08 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign5a634f83cd1b9004
2017-02-03 09:06 - 2017-02-03 09:06 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf0885f2e27d46fc2
2017-02-03 09:06 - 2017-02-03 09:06 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignc4493d1e8f360be8
2017-02-03 09:06 - 2017-02-03 09:06 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignbab9b7582b90b670
2017-02-03 09:06 - 2017-02-03 09:06 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignacf3faad7127b24e
2017-02-03 08:22 - 2017-02-03 08:22 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignbc455784a8688795
2017-02-03 08:21 - 2017-02-03 08:21 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign46892c0b889f18af
2017-02-03 08:20 - 2017-02-03 08:20 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign355e26158367bc37
2017-02-02 19:58 - 2017-02-02 19:58 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigne176d067c9b23c94
2017-02-02 19:58 - 2017-02-02 19:58 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign5e9b020170c3691d
2017-02-02 18:07 - 2017-02-02 18:07 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf5f2beae3b3c445e
2017-02-02 18:07 - 2017-02-02 18:07 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign9ea6cd4dbaaf9252
2017-02-02 17:56 - 2017-02-02 17:56 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigne9b0b0369eeceffa
2017-02-02 17:56 - 2017-02-02 17:56 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignb4f875cd4bbd98cd
2017-02-02 17:56 - 2017-02-02 17:56 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign6a14cfa58a6ee3da
2017-02-02 16:50 - 2017-02-02 16:50 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign186a9c5fb9aba815
2017-02-02 16:47 - 2017-02-02 16:47 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf1f2bbf52b9e0fbb
2017-02-02 16:39 - 2017-02-02 16:39 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-02 15:56 - 2017-02-02 15:56 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign9f496223a46dbcd2
2017-02-02 15:19 - 2017-02-02 15:19 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign8b230b16e0dfcd23
2017-02-02 14:39 - 2017-02-02 14:39 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigncf3596b70aa4f1b0
2017-02-02 14:28 - 2017-02-02 14:28 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign4fa1a97a45dfe137
2017-02-02 14:21 - 2017-02-02 14:21 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigna65c6c22a8908526
2017-02-02 14:14 - 2017-02-02 14:14 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign1d8869419ea5a253
2017-02-02 14:13 - 2017-02-02 14:13 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign4b1531a5c262ce0d
2017-02-02 14:10 - 2017-02-02 14:10 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign6ff5793769122bfc
2017-02-02 14:10 - 2017-02-02 14:10 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign449075247b2844f9
2017-01-30 19:22 - 2017-01-30 19:22 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign3f844d94fbfc178b
2017-01-30 19:22 - 2017-01-30 19:22 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign2827490b27c19db1
2017-01-30 18:51 - 2017-01-30 18:51 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignc7dd45b3d4791ef5
2017-01-30 18:51 - 2017-01-30 18:51 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign58d34ecb8812ba4f
2017-01-30 17:57 - 2017-01-30 17:57 - 00000000 ____D C:\Users\pavel\AppData\Roaming\Nero
2017-01-28 17:17 - 2017-01-28 17:17 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignafe02ea67a16d00e
2017-01-28 17:17 - 2017-01-28 17:17 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign9d73b10e6f145111
2017-01-28 16:44 - 2017-01-28 16:44 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigne5c95388c7c687b9
2017-01-28 16:44 - 2017-01-28 16:44 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign6b1093c66639f25b
2017-01-28 16:24 - 2017-01-28 16:24 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign7a3d97ae74c410f4
2017-01-28 16:24 - 2017-01-28 16:24 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign6d525821bf15d049
2017-01-28 16:21 - 2017-01-28 16:21 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsigne806ec6d74dce006
2017-01-27 16:37 - 2017-01-27 16:37 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign6b9da286781d1863
2017-01-27 16:27 - 2017-01-27 16:27 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign1aff4028c03f8f30
2017-01-27 16:25 - 2017-01-27 16:25 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign4b77da1e92ad31e7
2017-01-27 16:24 - 2017-01-27 16:24 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign521079de7c3c60f3
2017-01-26 17:19 - 2017-01-26 17:19 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign5f37559bd710e8dc
2017-01-26 17:16 - 2017-01-26 17:16 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignde40bc422b219377
2017-01-26 17:16 - 2017-01-26 17:16 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign1cb90af9859af0fc
2017-01-25 16:45 - 2017-01-25 16:45 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign9269ca710c2d2217
2017-01-25 16:45 - 2017-01-25 16:45 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign6a05de4b51564e40
2017-01-25 16:10 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 16:10 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-23 19:33 - 2017-01-23 19:33 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignbde5850693accbf8
2017-01-23 19:33 - 2017-01-23 19:33 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign4ec48f6a0653b0e0
2017-01-22 14:38 - 2017-01-22 14:38 - 00467558 _____ C:\Users\pavel\Downloads\TH_20160707-20170122.pdf
2017-01-22 14:38 - 2017-01-22 14:38 - 00467558 _____ C:\Users\pavel\Downloads\TH_20160707-20170122 (1).pdf
2017-01-22 13:22 - 2017-01-22 13:22 - 00071643 _____ C:\Users\pavel\Downloads\nazev_dokumentu-22_01_2017_13_20_29,029-CS41000013382982.PDF
2017-01-12 17:47 - 2017-01-12 17:47 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignf79f16f44806824a
2017-01-12 17:47 - 2017-01-12 17:47 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignad3677d4b72cbce6
2017-01-12 17:47 - 2017-01-12 17:47 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign735fb933a4ce461b
2017-01-12 17:47 - 2017-01-12 17:47 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign67895fdd6b4fcef6
2017-01-12 16:39 - 2017-01-12 16:39 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign8e0db72d1250bbed
2017-01-12 16:38 - 2017-01-12 16:38 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign11b36b41b09e6cac
2017-01-12 16:37 - 2017-01-12 16:37 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign9e3cea8dba5b2022
2017-01-12 16:33 - 2017-01-12 16:33 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign8f828b999f917174
2017-01-12 16:33 - 2017-01-12 16:33 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign5a1c5b5bd71b6c79
2017-01-11 17:26 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:26 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:26 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:26 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:26 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:26 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:26 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:26 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:26 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:26 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:26 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:26 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:26 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:26 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 17:26 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:26 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:26 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:26 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:26 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:26 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:26 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:26 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:26 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:26 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:26 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:26 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:26 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 17:26 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:26 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:26 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:26 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:26 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:26 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:26 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:26 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:26 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:26 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 17:26 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:26 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:26 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:26 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:26 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:26 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:26 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:26 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:26 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:26 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:26 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:26 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 17:26 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 17:26 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 17:26 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 17:26 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:26 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:26 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:26 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 17:26 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 17:26 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 17:26 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 17:26 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 17:26 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 17:26 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 17:26 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 17:26 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 17:26 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 17:26 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 17:26 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 17:26 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 17:26 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:26 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 17:26 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 17:26 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 17:26 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 17:26 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 17:26 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 17:26 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 17:26 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 17:26 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 17:26 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 17:26 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:26 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:26 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:26 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 17:26 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 17:26 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 17:26 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 17:26 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:26 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 17:26 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:26 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:26 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 17:26 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 17:26 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 17:26 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:26 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:26 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 17:26 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 17:26 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 17:26 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 17:26 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 17:26 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:26 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:26 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 17:26 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 17:26 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:26 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:26 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:26 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:26 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 17:26 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:26 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:26 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:26 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 17:26 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 17:26 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:26 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:26 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:26 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:26 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:26 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 17:26 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:26 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:26 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:26 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 17:26 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 17:26 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 17:26 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 17:26 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 17:26 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:26 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 17:26 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 17:26 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 17:26 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:26 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:26 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:26 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:26 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:26 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:26 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:26 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 17:26 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 17:26 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:26 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:26 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:26 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:26 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:26 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 17:26 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:26 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:26 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:26 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 17:26 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 10:04 - 2016-12-10 15:49 - 00000000 ____D C:\Users\pavel\AppData\LocalLow\Mozilla
2017-02-10 08:55 - 2015-08-04 13:53 - 00001480 _____ C:\Users\pavel\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2017-02-10 08:00 - 2016-08-03 19:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-10 07:46 - 2016-08-03 19:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-09 15:29 - 2015-08-04 11:16 - 00000000 ____D C:\Users\pavel\AppData\Local\CrashDumps
2017-02-09 14:28 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-09 14:04 - 2016-07-16 23:25 - 01571382 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-09 14:04 - 2016-07-16 23:25 - 00416892 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-09 14:04 - 2015-08-04 07:03 - 03619104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-09 13:59 - 2016-12-10 16:37 - 00000000 ____D C:\AdwCleaner
2017-02-09 13:59 - 2016-08-03 19:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-09 13:59 - 2016-08-03 19:24 - 08123136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-09 13:59 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-09 13:58 - 2015-08-04 11:26 - 00000000 ____D C:\Users\pavel\AppData\Roaming\XnView
2017-02-08 15:39 - 2015-09-29 16:54 - 00000000 ____D C:\Users\pavel\AppData\Roaming\vlc
2017-02-08 07:17 - 2016-12-23 13:23 - 00000000 ____D C:\Users\pavel\AppData\Roaming\.minecraft
2017-02-07 18:44 - 2015-09-13 09:19 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 10:44 - 2015-08-04 13:59 - 00000033 _____ C:\Users\pavel\AppData\Roaming\AdobeWLCMCache.dat
2017-02-04 07:35 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-02 13:22 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-30 17:58 - 2015-08-26 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-26 17:06 - 2015-08-04 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2017-01-26 17:06 - 2015-08-04 11:27 - 00000000 ____D C:\Program Files (x86)\TagScanner
2017-01-25 16:31 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-23 20:37 - 2015-08-04 13:40 - 00000000 ____D C:\Users\pavel\Documents\Edius
2017-01-20 12:47 - 2017-01-10 18:14 - 00000000 ____D C:\Users\pavel\Documents\Nuendo
2017-01-14 07:48 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 19:00 - 2015-08-04 12:21 - 00000000 ____D C:\Users\pavel\AppData\Roaming\AnvSoft
2017-01-11 17:53 - 2015-08-04 07:13 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 17:34 - 2015-08-13 06:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 17:32 - 2015-08-13 06:31 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 16:49 - 2016-11-21 17:53 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-01-11 16:21 - 2016-11-24 20:49 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-08-04 13:59 - 2017-02-05 10:44 - 0000033 _____ () C:\Users\pavel\AppData\Roaming\AdobeWLCMCache.dat
2015-08-04 13:53 - 2017-02-10 08:55 - 0001480 _____ () C:\Users\pavel\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2015-08-17 17:05 - 2015-08-19 19:14 - 0000600 _____ () C:\Users\pavel\AppData\Local\PUTTY.RND
2016-06-29 13:43 - 2017-01-05 22:07 - 0000043 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-07 18:53

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Systém) (Fixed) (Total:110.97 GB) (Free:34.76 GB) NTFS
Drive d: (Dokumenty) (Fixed) (Total:931.51 GB) (Free:387.6 GB) NTFS

Available physical RAM: 3307.58 MB
Total physical RAM: 8116.36 MB
Percentage of memory in use: 59%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4FA3ABA3)
Partition 1: (Active) - (Size=380 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 MB) - (Type=27)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:18CF7598EA95E784 [50]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6 [310]
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8 [374]

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.407.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\pavel\Desktop" je 2 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

[Kodlz]

Na plose, tam kde mas umisteny FRST vytvor TXT soubor, ktery pojmenujes fixlist.txt a do nej vloz nasledujici text:

( Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopíruj).

start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:


GroupPolicy: Restriction <======= ATTENTION
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-02-10 07:46 - 2016-08-03 19:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

AlternateDataStreams: C:\Windows:18CF7598EA95E784 [50]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6 [310]
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8 [374]

Task: {21475B0C-B566-4C4C-8606-FE9CA16C20DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {695FAAEA-4FF7-40C0-A390-FDCE8793A392} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)

cmd: rmdir "C:\Users\pavel\AppData\Local\Tempz*"

end

[Kurty]

Tady je:
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Kurty (10-02-2017 12:03:25) Run:1
Running from C:\Users\pavel\Desktop
Loaded Profiles: Kurty (Available Profiles: Kurty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:


GroupPolicy: Restriction <======= ATTENTION
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-02-10 07:46 - 2016-08-03 19:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

AlternateDataStreams: C:\Windows:18CF7598EA95E784 [50]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6 [310]
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8 [374]

Task: {21475B0C-B566-4C4C-8606-FE9CA16C20DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {695FAAEA-4FF7-40C0-A390-FDCE8793A392} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)

cmd: rmdir "C:\Users\pavel\AppData\Local\Tempz*"

end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{A6616B31-4860-41E2-98E3-CA7649AF172F} => key removed successfully
HKCR\Wow6432Node\CLSID\{A6616B31-4860-41E2-98E3-CA7649AF172F} => key not found.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Windows => ":18CF7598EA95E784" ADS removed successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":9341E0C6" ADS removed successfully.
C:\ProgramData\TEMP => ":FB1B13D8" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21475B0C-B566-4C4C-8606-FE9CA16C20DB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21475B0C-B566-4C4C-8606-FE9CA16C20DB} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{695FAAEA-4FF7-40C0-A390-FDCE8793A392} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{695FAAEA-4FF7-40C0-A390-FDCE8793A392} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully

========= rmdir "C:\Users\pavel\AppData\Local\Tempz*" =========

N zev souboru źi adres ýe nebo jmenovka svazku je nespr vn .

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55204603 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 14397477 B
Edge => 2489 B
Chrome => 253790735 B
Firefox => 13349111 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2450 B
NetworkService => 0 B
pavel => 92730890 B

RecycleBin => 694942044 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:03:43 ====

[Kodlz]

Spust prosim tyto utility:

Stáhni AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Ulož na plochu
Ukonči všechny programy
Klikni nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vlož.


nasledne tento tool MBAM: http://forum.viry.cz/viewtopic.php?f=29&t=144868
-Nainstaluj,dej úplný sken

-Log zkopíruj sem.

[Kurty]

ADWCleaner:
# AdwCleaner v6.043 - Log vytvořen 10/02/2017 v 12:24:51
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-09.1 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Kurty - DESKTOP-7SROIJE
# Spuštěno z : C:\Users\pavel\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****

[-] [C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: pocket-killbox.en.softonic.com
[-] [C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: oblytile.en.softonic.com
[-] [C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: terci-blogisek-zapisnicek.blog.cz
[-] [C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: slunecnice.cz


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1354 Bajty] - [10/12/2016 16:40:07]
C:\AdwCleaner\AdwCleaner[C10].txt - [3009 Bajty] - [25/01/2017 16:39:45]
C:\AdwCleaner\AdwCleaner[C11].txt - [2956 Bajty] - [08/02/2017 07:20:54]
C:\AdwCleaner\AdwCleaner[C12].txt - [2900 Bajty] - [09/02/2017 13:59:30]
C:\AdwCleaner\AdwCleaner[C13].txt - [1619 Bajty] - [10/02/2017 12:24:51]
C:\AdwCleaner\AdwCleaner[C2].txt - [1563 Bajty] - [18/12/2016 13:53:03]
C:\AdwCleaner\AdwCleaner[C3].txt - [1709 Bajty] - [24/12/2016 10:51:31]
C:\AdwCleaner\AdwCleaner[C4].txt - [1930 Bajty] - [28/12/2016 08:28:39]
C:\AdwCleaner\AdwCleaner[C5].txt - [2074 Bajty] - [02/01/2017 18:53:10]
C:\AdwCleaner\AdwCleaner[C6].txt - [2625 Bajty] - [04/01/2017 06:24:15]
C:\AdwCleaner\AdwCleaner[C7].txt - [2366 Bajty] - [12/01/2017 18:08:59]
C:\AdwCleaner\AdwCleaner[C8].txt - [2512 Bajty] - [22/01/2017 17:52:13]
C:\AdwCleaner\AdwCleaner[C9].txt - [2659 Bajty] - [23/01/2017 20:55:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [1545 Bajty] - [10/12/2016 16:38:24]
C:\AdwCleaner\AdwCleaner[S10].txt - [2844 Bajty] - [23/01/2017 20:55:32]
C:\AdwCleaner\AdwCleaner[S11].txt - [3284 Bajty] - [25/01/2017 16:39:36]
C:\AdwCleaner\AdwCleaner[S12].txt - [3139 Bajty] - [08/02/2017 07:19:45]
C:\AdwCleaner\AdwCleaner[S13].txt - [3175 Bajty] - [09/02/2017 13:59:19]
C:\AdwCleaner\AdwCleaner[S14].txt - [3732 Bajty] - [10/02/2017 12:24:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [1536 Bajty] - [10/12/2016 16:48:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [1747 Bajty] - [18/12/2016 13:52:41]
C:\AdwCleaner\AdwCleaner[S3].txt - [1893 Bajty] - [24/12/2016 10:51:04]
C:\AdwCleaner\AdwCleaner[S4].txt - [1880 Bajty] - [24/12/2016 10:56:06]
C:\AdwCleaner\AdwCleaner[S5].txt - [2114 Bajty] - [28/12/2016 08:28:01]
C:\AdwCleaner\AdwCleaner[S6].txt - [2258 Bajty] - [02/01/2017 18:51:42]
C:\AdwCleaner\AdwCleaner[S7].txt - [2809 Bajty] - [04/01/2017 06:23:56]
C:\AdwCleaner\AdwCleaner[S8].txt - [2550 Bajty] - [12/01/2017 18:06:38]
C:\AdwCleaner\AdwCleaner[S9].txt - [2696 Bajty] - [22/01/2017 17:36:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C13].txt - [3377 Bajty] ##########

[Kurty]

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 10.02.17
Čas skenování: 12:27
Logovací soubor: jjj.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.50
Aktualizovat verzi balíku komponent: 1.0.1225
Licence: Vypršelo

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-7SROIJE\Kurty

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 412637
Uplynulý čas: 2 min, 32 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

[Kodlz]

jeste jednou vytvor fixlist.txt a do nej vloz text:

( Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopíruj).

start
CloseProcesses:

EmptyTemp:

cmd: for /d %x in (C:\Users\pavel\AppData\Local\Tempz*) do rd /s /q "%x"

end

[Kurty]

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Kurty (10-02-2017 13:26:27) Run:2
Running from C:\Users\pavel\Desktop
Loaded Profiles: Kurty (Available Profiles: Kurty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:

EmptyTemp:

cmd: for /d %x in (C:\Users\pavel\AppData\Local\Tempz*) do rd /s /q "%x"

end
*****************

Processes closed successfully.

========= for /d %x in (C:\Users\pavel\AppData\Local\Tempz*) do rd /s /q "%x" =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10734243 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 10110489 B
Edge => 0 B
Chrome => 66505384 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2450 B
NetworkService => 0 B
pavel => 20180540 B

RecycleBin => 22633415 B
EmptyTemp: => 124.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:26:30 ====

[Kodlz]

vloz prosim jeste jednou logy z FRST. (novy scan)

[Kurty]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Kurty (10-02-2017 13:48:10)
Running from C:\Users\pavel\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-03 18:36:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-396773449-1152362169-3175356385-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-396773449-1152362169-3175356385-503 - Limited - Disabled)
Guest (S-1-5-21-396773449-1152362169-3175356385-501 - Limited - Disabled)
Kurty (S-1-5-21-396773449-1152362169-3175356385-1001 - Administrator - Enabled) => C:\Users\pavel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_0) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Any DVD Converter Professional 5.8.4 (HKLM-x32\...\Any DVD Converter Professional_is1) (Version: - Any-DVD-Converter.com)
Any Video Converter Ultimate 5.8.1 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.66.1075 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: - Elaborate Bytes)
DVD Architect Pro 6.0 (HKLM-x32\...\{E0E531A2-17C1-11E2-984D-1040F3E7010F}) (Version: 6.0.237 - Sony)
EDIUS (HKLM\...\{E7CCB338-2A54-4F44-947B-958BD847A5D3}) (Version: 7.53 - Grass Valley K.K.)
EDIUS Codec Option 7.53 (HKLM-x32\...\{7E4E5B65-9B8B-4ECE-9C1F-9C96DA0BC620}) (Version: 7.53 - Grass Valley K.K.)
EDIUS DVD Menu Style 7.00 (HKLM\...\{7E8ED929-2A09-4A42-B2F5-C361A4E525B9}) (Version: 7.00 - Grass Valley K.K.)
EDIUS Manual 7.01 EN (HKLM\...\{EA477796-FDF9-4A2E-8925-686339F884A8}) (Version: 7.01 - Grass Valley K.K.)
ESET Smart Security (HKLM\...\{E8EA6A18-4085-4E67-AC9C-F8E9AEB53F4F}) (Version: 9.0.351.2 - ESET, spol. s r.o.)
EZdrummer 2 32-bit (HKLM-x32\...\{7E36EB5B-0739-4DA7-BF26-E63DD2BECA76}) (Version: 2.0.0 - Toontrack)
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
GoldWave v6.13 (HKLM\...\GoldWave v6.13) (Version: 6.13 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GV LicenseManager 2.53 (HKLM-x32\...\{EE256B6B-7F66-409B-9CF2-CE9B64947CBC}) (Version: 2.53 - Grass Valley K.K.)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 CSY (HKLM\...\{0A8A841B-29C4-4947-BF59-241216B4D904}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA Ovladače grafiky 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
ObjectDock (HKLM-x32\...\ObjectDock) (Version: - )
Ovládací panel NVIDIA 376.54 (Version: 376.54 - NVIDIA Corporation) Hidden
Pro DAD Vitascene (HKLM\...\proDAD-Vitascene-2.0) (Version: 2.0.220 - proDAD GmbH)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Samplitude (HKLM-x32\...\MAGIX_MSI_SamProX_Suite) (Version: 12.0.0.59 - MAGIX AG)
Samplitude Pro X Suite Download Version (x32 Version: 12.0.0.59 - MAGIX AG) Hidden
Samplitude Pro X Suite Update (Version: 12.1.1.129 - MAGIX AG) Hidden
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Nuendo 4 (HKLM-x32\...\{41E0A8DD-4343-4B33-95C3-272A99F18984}) (Version: 4.3.0.371 - Steinberg Media Technologies GmbH)
Steinberg Nuendo Expansion Kit (HKLM-x32\...\{A1E50F2C-F6CA-4C27-AEA7-819B2A486223}) (Version: 4.2.2.274 - Steinberg Media Technologies GmbH)
TagScanner 6.0.19 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
Ulož.to FileManager verze 2.02 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.02 - Uloz.to cloud a.s.)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.531 - Nullsoft, Inc)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XnView 2.36 (HKLM-x32\...\XnView_is1) (Version: 2.36 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-396773449-1152362169-3175356385-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {54E2302E-B4D5-4541-ADC6-F3231A783CF9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {6A50C843-B371-438C-91D1-F708967EEAF3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-22] (Adobe Systems Incorporated)
Task: {832F43AC-6A13-44CB-B929-5A6916A78632} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {C254552A-3B66-49FA-8483-DC6B1D68F3E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {CEFB79CE-EB15-42A8-AC30-1AB6E9F031BE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {D28C2B24-FD41-41E4-9980-CBD15FF398FC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F262A499-0F16-454A-A18A-4C4DCF47B1CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 20:47 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-09 16:32 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2016-11-09 16:32 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2016-07-29 18:01 - 2012-09-29 12:25 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2017-02-10 12:26 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-08-03 19:26 - 2016-12-29 14:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 20:47 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-10 01:41 - 2016-06-10 01:41 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-03 19:38 - 2016-08-03 19:38 - 00959168 _____ () C:\Users\pavel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-01-23 17:08 - 2007-04-23 16:53 - 00020752 _____ () C:\Program Files (x86)\Stardock\ObjectDock\Dock64.dll
2016-11-01 19:10 - 2016-11-01 19:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-05-27 14:50 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-16 06:14 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 17:26 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 17:26 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 17:26 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 17:26 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 17:26 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 17:26 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-07 18:44 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 18:44 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 00447184 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\ASKLib.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 00107728 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\ASLSupport.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 01384144 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\typekitC4.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 02031312 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\ZXPSignLib-minimal.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 01262800 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\AdobeGesture.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 00367824 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\AdamLib.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 01326288 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\ADBE_AGMFL.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 00073936 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\unihan.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 57917648 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\libcef.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 01898192 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\libglesv2.dll
2016-10-06 12:36 - 2016-10-06 12:36 - 00092368 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\libegl.dll
2016-10-01 07:08 - 2016-10-01 07:08 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-10-12 02:09 - 2016-10-12 02:09 - 00544976 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\manta.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 18502352 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\mona.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 00092880 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\libglog.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 02543312 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\opencv_core249.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 02198736 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\opencv_imgproc249.dll
2016-10-12 02:12 - 2016-10-12 02:12 - 69856976 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libcef.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 01860304 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\aif.dll
2016-10-12 02:12 - 2016-10-12 02:12 - 01180880 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
2016-10-12 02:12 - 2016-10-12 02:12 - 02473168 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libglesv2.dll
2016-10-12 02:12 - 2016-10-12 02:12 - 00093904 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libegl.dll
2016-01-23 17:08 - 2007-04-24 19:25 - 00112400 _____ () C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
2016-01-23 17:08 - 2007-04-19 14:23 - 00095944 _____ () C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
2016-01-23 17:08 - 2007-04-21 13:47 - 00059592 _____ () C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
2016-01-23 17:08 - 2002-11-19 14:11 - 00139264 _____ () C:\Program Files (x86)\Common Files\Stardock\ODImg.dll
2016-01-23 17:08 - 2002-03-13 19:46 - 00118784 _____ () C:\Program Files (x86)\Stardock\ObjectDock\ODImg.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-12 20:11 - 2016-10-12 20:11 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-10-12 02:11 - 2016-10-12 02:11 - 44047568 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\libcef.dll
2016-10-12 02:11 - 2016-10-12 02:11 - 01488592 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\libglesv2.dll
2016-10-12 02:11 - 2016-10-12 02:11 - 00080080 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2017-02-10 12:03 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-396773449-1152362169-3175356385-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pavel\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{8958B490-2295-4DFB-91F4-D412669248C7}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{8C044390-51D0-4062-8DBF-B781AA484902}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21FEB1AC-56F9-4DD9-AE01-7F7C53C094EC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AFF7403C-2256-4BF2-8321-A77277806A76}] => c:\program files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37E44458-3B07-43AC-B0F8-19E68E2448E5}] => c:\program files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9CD1EFB4-FA3F-4DEF-A6D0-B1BD43D00097}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

30-01-2017 17:50:29 Nainstalováno: Microsoft Visual C++ 2005 Redistributable
30-01-2017 17:54:46 Installed Nero BurnLite 10.
30-01-2017 17:59:56 Removed Nero BurnLite 10.
08-02-2017 07:17:00 Removed Ask Toolbar.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2017 12:35:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.

Error: (02/10/2017 12:35:40 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\irfanview\plugins\Riot.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\irfanview\plugins\Riot.dll na řádku 8.
Hodnota atributu name v prvku file je neplatná.

Error: (02/10/2017 12:27:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.

Error: (02/10/2017 12:27:46 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\irfanview\plugins\Riot.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\irfanview\plugins\Riot.dll na řádku 8.
Hodnota atributu name v prvku file je neplatná.

Error: (02/10/2017 12:27:36 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_EXPIRED došlo k chybě (chyba %3).

Error: (02/10/2017 12:03:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/10/2017 12:03:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (02/10/2017 12:03:25 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {b1cd5c49-2a9a-4298-b48b-e920263b95b9}

Error: (02/10/2017 08:01:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (02/10/2017 07:49:12 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (02/10/2017 01:27:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/10/2017 01:26:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/10/2017 01:26:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (02/10/2017 01:26:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Malwarebytes Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/10/2017 01:26:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba FlexNet Licensing Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/10/2017 01:26:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/10/2017 01:26:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (02/10/2017 01:26:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba This service enables products that use the Nalpeiron Licensing System. byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/10/2017 01:26:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AdobeUpdateService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/10/2017 01:26:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnh Caller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
Date: 2017-02-10 13:26:59.619
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-10 13:26:59.613
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-10 13:26:59.607
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-10 13:26:59.603
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-10 12:25:34.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-10 12:25:34.171
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-10 12:25:34.168
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-10 12:25:34.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-10 12:04:31.709
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-10 12:04:31.702
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 8116.36 MB
Available physical RAM: 3064.57 MB
Total Virtual: 9396.36 MB
Available Virtual: 2608.33 MB

==================== Drives ================================

Drive c: (Systém) (Fixed) (Total:110.97 GB) (Free:36.25 GB) NTFS
Drive d: (Dokumenty) (Fixed) (Total:931.51 GB) (Free:386.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4FA3ABA3)
Partition 1: (Active) - (Size=380 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Kodlz]

2x si mi nahral Addition.txt

[Kurty]

Omlouvám se:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Kurty (administrator) on DESKTOP-7SROIJE (10-02-2017 13:47:37)
Running from C:\Users\pavel\Desktop
Loaded Profiles: Kurty (Available Profiles: Kurty)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Grass Valley K.K.) C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Grass Valley K.K.) C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\InDesign.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(forum.viry.cz) C:\Users\pavel\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-08-04] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GV LicenseManager.lnk [2016-07-07]
ShortcutTarget: GV LicenseManager.lnk -> C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe (Grass Valley K.K.)
Startup: C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2016-01-23]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2a030543-f6bd-4360-8c51-193cb0560c44}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bebf834c-5b21-4e53-9144-a63a68d68dd9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-396773449-1152362169-3175356385-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://windows.microsoft.com/cs-cz/hotmail/home?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-23] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-23] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-396773449-1152362169-3175356385-1001 -> hxxps://www.seznam.cz/

FireFox:
========
FF DefaultProfile: xqldxv2n.default
FF ProfilePath: C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default [2017-02-10]
FF Homepage: Mozilla\Firefox\Profiles\xqldxv2n.default -> hxxps://www.seznam.cz/
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default\Extensions\artur.dubovoy@gmail.com [2017-01-07]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-08]
FF Extension: (Adblock Plus) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\xqldxv2n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-22] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-22] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default [2017-02-10]
CHR Extension: (Prezentace Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-04]
CHR Extension: (Dokumenty Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-04]
CHR Extension: (Disk Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Vyhledávání Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Tabulky Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-08-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\pavel\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-20] (ESET)
R2 GVDownloadAgentService; C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe [68536 2016-06-15] (Grass Valley K.K.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-08-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-08-28] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-20] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [153216 2016-11-20] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [208520 2016-11-20] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [61568 2016-11-20] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [84616 2016-11-20] (ESET)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-08-04] (Intel Corporation)
S3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [188280 2016-05-06] (ITE )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-10] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-10-12] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-04] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [648872 2015-09-03] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 13:36 - 2017-02-10 13:36 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsignae0429bec5fff676
2017-02-10 13:36 - 2017-02-10 13:36 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign376731f77d76dd93
2017-02-10 13:32 - 2017-02-10 13:32 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign68b5328a38b66551
2017-02-10 13:32 - 2017-02-10 13:32 - 00000000 ____D C:\Users\pavel\AppData\Local\Tempzxpsign5d4a97ef346a5f34
2017-02-10 13:22 - 2017-02-10 13:23 - 00000000 ____D C:\Users\pavel\Desktop\12 Corpsefuckung Art
2017-02-10 12:45 - 2017-02-10 12:45 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 12:45 - 2016-12-29 14:10 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 12:45 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-10 12:45 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-10 12:45 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-10 12:45 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-10 12:44 - 2017-02-10 12:44 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-10 12:27 - 2017-02-10 12:27 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-10 12:27 - 2017-02-10 12:27 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-10 12:27 - 2017-02-10 12:27 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-10 12:27 - 2017-02-10 12:27 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-10 12:26 - 2017-02-10 13:27 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-10 12:26 - 2017-02-10 12:26 - 00001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-10 12:26 - 2017-02-10 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-10 12:26 - 2017-02-10 12:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-10 12:26 - 2017-02-10 12:26 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-10 12:26 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-10 12:22 - 2017-02-10 12:26 - 55566792 _____ (Malwarebytes ) C:\Users\pavel\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-10 12:18 - 2017-02-10 12:23 - 04015056 _____ C:\Users\pavel\Desktop\adwcleaner_6.043.exe
2017-02-10 12:17 - 2017-02-10 13:22 - 00000000 ____D C:\Users\pavel\Desktop\18 - 19 Sinister
2017-02-10 12:05 - 2017-02-10 13:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-10 10:05 - 2017-02-10 13:47 - 00019229 _____ C:\Users\pavel\Desktop\FRST.txt
2017-02-10 10:05 - 2017-02-10 13:47 - 00000000 ____D C:\FRST
2017-02-10 10:04 - 2017-02-10 10:04 - 00112640 _____ (forum.viry.cz) C:\Users\pavel\Desktop\FRSTLauncher.exe
2017-02-10 10:01 - 2017-02-10 10:04 - 02421248 _____ (Farbar) C:\Users\pavel\Desktop\FRST64.exe
2017-02-10 08:38 - 2017-02-10 12:18 - 00000123 _____ C:\Users\pavel\Desktop\Zbývá.txt
2017-02-09 14:03 - 2017-02-09 14:03 - 00000000 ____D C:\rsit
2017-02-09 14:03 - 2017-02-09 14:03 - 00000000 ____D C:\Program Files\trend micro
2017-02-08 07:17 - 2017-02-08 07:17 - 00000000 ____D C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-02-02 16:39 - 2017-02-02 16:39 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-30 17:57 - 2017-01-30 17:57 - 00000000 ____D C:\Users\pavel\AppData\Roaming\Nero
2017-01-25 16:10 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 16:10 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-22 14:38 - 2017-01-22 14:38 - 00467558 _____ C:\Users\pavel\Downloads\TH_20160707-20170122.pdf
2017-01-22 14:38 - 2017-01-22 14:38 - 00467558 _____ C:\Users\pavel\Downloads\TH_20160707-20170122 (1).pdf
2017-01-22 13:22 - 2017-01-22 13:22 - 00071643 _____ C:\Users\pavel\Downloads\nazev_dokumentu-22_01_2017_13_20_29,029-CS41000013382982.PDF
2017-01-17 05:56 - 2017-01-17 05:56 - 34717624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-17 05:56 - 2017-01-17 05:56 - 28209080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-17 05:56 - 2017-01-17 05:56 - 00951224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-17 05:56 - 2017-01-17 05:56 - 00904760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-17 05:56 - 2017-01-17 05:56 - 00448568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-17 05:56 - 2017-01-17 05:56 - 00397240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-17 05:55 - 2017-01-17 05:55 - 02961336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-17 05:55 - 2017-01-17 05:55 - 02594744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-17 05:55 - 2017-01-17 05:55 - 01964600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437654.dll
2017-01-17 05:55 - 2017-01-17 05:55 - 01598392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437654.dll
2017-01-17 05:55 - 2017-01-17 05:55 - 01047096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-17 05:55 - 2017-01-17 05:55 - 00985144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-17 05:54 - 2017-01-17 05:54 - 40134200 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-17 05:54 - 2017-01-17 05:54 - 35233336 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-17 05:53 - 2017-01-17 05:53 - 11017016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 10907368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 10453152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 09246832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 09000336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 08847016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 03509152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 00818688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 00698544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 00658592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 00586784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 00407240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 00339152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-17 00:59 - 2017-01-17 00:59 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-17 00:59 - 2017-01-17 00:59 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-11 17:26 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:26 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:26 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:26 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:26 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:26 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:26 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:26 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:26 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:26 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:26 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:26 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:26 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:26 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:26 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 17:26 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:26 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:26 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:26 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:26 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:26 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:26 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:26 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:26 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:26 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:26 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:26 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:26 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:26 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 17:26 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:26 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:26 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:26 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:26 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:26 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:26 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:26 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:26 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:26 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 17:26 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:26 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:26 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:26 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:26 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:26 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:26 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:26 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:26 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:26 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:26 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:26 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 17:26 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:26 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 17:26 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 17:26 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 17:26 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:26 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:26 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:26 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 17:26 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 17:26 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 17:26 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 17:26 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 17:26 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 17:26 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 17:26 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 17:26 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 17:26 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 17:26 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 17:26 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 17:26 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 17:26 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:26 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 17:26 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 17:26 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 17:26 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 17:26 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 17:26 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 17:26 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 17:26 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 17:26 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 17:26 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 17:26 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:26 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:26 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:26 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 17:26 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 17:26 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 17:26 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 17:26 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 17:26 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:26 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 17:26 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:26 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:26 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 17:26 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 17:26 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 17:26 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:26 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:26 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 17:26 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 17:26 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 17:26 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 17:26 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 17:26 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:26 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:26 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 17:26 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 17:26 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:26 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:26 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:26 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:26 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 17:26 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:26 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:26 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:26 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 17:26 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 17:26 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:26 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:26 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:26 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:26 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:26 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 17:26 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:26 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:26 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:26 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 17:26 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 17:26 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 17:26 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 17:26 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 17:26 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:26 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 17:26 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 17:26 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 17:26 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:26 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:26 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:26 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:26 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:26 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:26 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:26 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 17:26 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 17:26 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:26 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:26 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:26 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:26 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:26 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 17:26 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:26 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:26 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:26 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 17:26 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 13:31 - 2016-07-16 23:25 - 01630574 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-10 13:31 - 2016-07-16 23:25 - 00434492 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-10 13:31 - 2015-08-04 07:03 - 03733704 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-10 13:26 - 2016-08-03 19:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-10 13:26 - 2016-08-03 19:26 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-10 13:26 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-10 13:12 - 2016-08-03 19:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-10 12:45 - 2016-08-03 19:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 12:45 - 2015-08-04 07:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 12:44 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-10 12:24 - 2016-12-10 16:37 - 00000000 ____D C:\AdwCleaner
2017-02-10 12:08 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-10 12:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 12:04 - 2016-08-03 19:24 - 08130824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-10 12:04 - 2015-11-29 18:26 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-10 12:03 - 2015-09-30 08:44 - 00000000 ____D C:\Users\pavel\AppData\LocalLow\Temp
2017-02-10 12:03 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-10 10:04 - 2016-12-10 15:49 - 00000000 ____D C:\Users\pavel\AppData\LocalLow\Mozilla
2017-02-10 08:55 - 2015-08-04 13:53 - 00001480 _____ C:\Users\pavel\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2017-02-09 15:29 - 2015-08-04 11:16 - 00000000 ____D C:\Users\pavel\AppData\Local\CrashDumps
2017-02-09 13:58 - 2015-08-04 11:26 - 00000000 ____D C:\Users\pavel\AppData\Roaming\XnView
2017-02-08 15:39 - 2015-09-29 16:54 - 00000000 ____D C:\Users\pavel\AppData\Roaming\vlc
2017-02-08 07:17 - 2016-12-23 13:23 - 00000000 ____D C:\Users\pavel\AppData\Roaming\.minecraft
2017-02-07 18:44 - 2015-09-13 09:19 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 10:44 - 2015-08-04 13:59 - 00000033 _____ C:\Users\pavel\AppData\Roaming\AdobeWLCMCache.dat
2017-01-30 17:58 - 2015-08-26 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-26 17:06 - 2015-08-04 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2017-01-26 17:06 - 2015-08-04 11:27 - 00000000 ____D C:\Program Files (x86)\TagScanner
2017-01-25 16:31 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-23 20:37 - 2015-08-04 13:40 - 00000000 ____D C:\Users\pavel\Documents\Edius
2017-01-20 12:47 - 2017-01-10 18:14 - 00000000 ____D C:\Users\pavel\Documents\Nuendo
2017-01-17 05:52 - 2015-08-04 07:21 - 03972960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-01-17 00:59 - 2015-08-04 07:21 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2017-01-14 07:48 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 19:00 - 2015-08-04 12:21 - 00000000 ____D C:\Users\pavel\AppData\Roaming\AnvSoft
2017-01-11 17:53 - 2015-08-04 07:13 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 17:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 17:34 - 2015-08-13 06:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 17:32 - 2015-08-13 06:31 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 16:49 - 2016-11-21 17:53 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-01-11 16:21 - 2016-11-24 20:49 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-08-04 13:59 - 2017-02-05 10:44 - 0000033 _____ () C:\Users\pavel\AppData\Roaming\AdobeWLCMCache.dat
2015-08-04 13:53 - 2017-02-10 08:55 - 0001480 _____ () C:\Users\pavel\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2015-08-17 17:05 - 2015-08-19 19:14 - 0000600 _____ () C:\Users\pavel\AppData\Local\PUTTY.RND
2016-06-29 13:43 - 2017-01-05 22:07 - 0000043 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-07 18:53

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Systém) (Fixed) (Total:110.97 GB) (Free:36.25 GB) NTFS
Drive d: (Dokumenty) (Fixed) (Total:931.51 GB) (Free:386.89 GB) NTFS

Available physical RAM: 3064.57 MB
Total physical RAM: 8116.36 MB
Percentage of memory in use: 62%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4FA3ABA3)
Partition 1: (Active) - (Size=380 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 MB) - (Type=27)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
Aktuální stav: DoSnapshotSet
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\pavel\Desktop" je 79 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

[Kodlz]

opet vytvor fixlist.txt a do nej vloz text:

( Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopíruj).

start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:

2017-02-10 12:05 - 2017-02-10 13:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat


cmd: for /d %x in (C:\Users\pavel\AppData\Local\Tempz*) do rd /s /q "%x"

cmd: dir C:\Users\pavel\AppData\Local\Temp*

end

nasledne znovu dej scan z MBAM ale zaskrtni vse... i rootkity. log sem vloz