VIRY.CZ

Zdravím,

před nedávnem se mi dostal nějakým způsobem do PC prográmek Kyubey.exe .
Dle Vašeho fóra jsem jej po několika pokusech dokázal odstranit. Přesto není vše v pořádku - v prohlížeči se přepisuje startovací stránka, manuálně nejde změnit nastavení prohlížeče, z reportu Hijackthis se mi nezdají určité údaje co by tam neměli být.
Dle návodu zasílám log FRST

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Golfstar (15-04-2017 00:38:49)
Running from C:\Users\Golfstar\Desktop
Windows 10 Pro Version 1511 (X64) (2016-07-23 11:10:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1702488835-1983202832-4074137989-500 - Administrator - Disabled)
Bíba (S-1-5-21-1702488835-1983202832-4074137989-1003 - Limited - Enabled) => C:\Users\Bíba
DefaultAccount (S-1-5-21-1702488835-1983202832-4074137989-503 - Limited - Disabled)
Golfstar (S-1-5-21-1702488835-1983202832-4074137989-1001 - Administrator - Enabled) => C:\Users\Golfstar
Guest (S-1-5-21-1702488835-1983202832-4074137989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1702488835-1983202832-4074137989-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.01 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
EVE Online (HKLM-x32\...\{345CEED5-9EAD-41BE-A90F-F3F4B85BABAF}) (Version: 3.0.0 - CCP Games Ltd.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software)
Opera Stable 44.0.2510.857 (HKLM-x32\...\Opera 44.0.2510.857) (Version: 44.0.2510.857 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 342.01 (Version: 342.01 - NVIDIA Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG2900 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2900 series) (Version: - ‭Canon Inc.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
UFO Aftermath (HKLM-x32\...\{3699BC50-DA7B-4DA7-BB43-2981C9178FAD}) (Version: 1.4 - )
Unity Web Player (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
youndoo - Uninstall (HKLM-x32\...\{743EE930-C9C3-4FE0-83C0-95B2544F3C71}) (Version: - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6FE069-5CDF-4D9B-9C4F-E1914735F01C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {0B97D483-F3FF-47E9-A5DD-39F73D90B625} - System32\Tasks\{B0398A1E-36C7-43FB-9909-CFEF2DB23E1A} => pcalua.exe -a C:\Users\Golfstar\AppData\Local\Temp\Temp1_realtek_hd_audio.zip\Realtek_6.0.1.7293\Setup.exe <==== ATTENTION
Task: {21C2BF43-31B0-42DD-B520-C8F94F9CCFBC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {21E0D8FE-3E38-4EFC-BBBD-78E37A315D93} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {22E3C4B9-CF31-4D7A-851F-740850291ABD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {26637E59-CBD2-425C-98F5-ACB0EF26D2A2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2CD7CD30-B2A7-44AD-ACBC-CACED2F0A9FF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {325C5FA8-56E6-4F38-8F0B-D0C08199727E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3350CA44-F2DB-4495-9FF3-DBAD35A84FC5} - System32\Tasks\Ranient Host => C:\Program Files (x86)\Votyphalury\xrerqty.exe
Task: {351E4305-5CAF-4135-B01F-D8A81E0C30C4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {35ADB62C-5AE3-4686-8C74-A75455923BA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {3C290BF5-B1CF-4247-BD5A-08704D45A18C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {3EB4F7C0-D470-42AC-9F69-F75EB8924910} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-22] (Facebook Inc.)
Task: {446A4685-4EF6-43E0-BCC8-1C265023A7DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {49F13AD9-E445-4192-9689-D6BCBA4B827F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {5534D8DC-73FD-4290-B4BB-EAAD8B1B69EE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {590136F4-1338-441C-90CC-EE8CC9080098} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {5FD9F7D4-A622-48CB-9F0D-AB935077E1B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6244A5ED-BF59-461D-9803-A8B9D5E447A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {645C87A4-F131-494C-9765-880D5899E9F5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {64607E21-419A-4421-903B-A8C867C6C856} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {7054D474-3647-4FB4-8E98-BB6FF4F539AA} - System32\Tasks\SafeZone scheduled Autoupdate 1458712455 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {721363B0-D0E1-4411-99CC-48730BD18A95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {74BD4118-8CB5-41BE-B8A0-3EBB5C4027D7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {7760CE39-1015-470E-8C8A-AD987D7A803D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {788D79D3-4858-4C4C-B77D-76CAC4C65228} - System32\Tasks\{003EDB46-6616-4516-9878-8D6C1A36F450} => pcalua.exe -a F:\SCHMIDT\SpielefürKids\SpielefürKids.exe -d F:\SCHMIDT\SpielefürKids
Task: {7A237F8B-5BD8-4A0C-871C-6A75DFFEC5CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7AB30839-C362-48AA-B746-08DE0D5AAB55} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {81EB9F5C-B447-49F9-88DE-B24281D8CC28} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {86CEE7C3-ABA2-4C1F-BFC3-79E36ECB52A0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-04] (AVAST Software)
Task: {880A33C5-7226-4395-9D58-FAE99A8988F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8F9EA8C8-9746-40A0-A3A6-3AE2E6C9CC20} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {91E9D3D5-A53E-442F-850A-E64717B9CCC5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {92E24798-09B3-45C3-8AFE-902F2E509CF8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9C5D9140-0490-4ED6-A447-B1FCBD9312A9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9C7D3BB6-7582-4D77-AEE4-C9144D1204A0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9CD37173-D474-4555-B53F-56EA145611A5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9E0D51EC-E685-4A22-8110-706C4BAD02A2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9F660A57-81D9-4D2C-84D4-8BD8D268535A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-22] (Facebook Inc.)
Task: {A12164E5-1E40-4DD3-94BA-8E42211AFF1C} - System32\Tasks\Opera scheduled Autoupdate 1423217291 => C:\Program Files (x86)\Opera\launcher.exe [2017-03-21] (Opera Software)
Task: {A40E63B7-966A-4F40-9256-AC406E91BE31} - System32\Tasks\AdobeAAMUpdater-1.0-Golfstar1-Golfstar => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {B1D3E821-3952-4F44-BFBC-BBE02D001D8C} - System32\Tasks\AdobeAAMUpdater-1.0-Golfstar1-Bíba => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {B3B71E96-A33F-440B-8FA1-3865900981C0} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {B767CCB0-721D-4365-936A-F57044B527E2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BE1C3502-DB2A-47FC-B6F3-485E251E3D85} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {C4618E97-A197-4099-BC36-3FDC0B8D67D7} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C735C0BA-ABCF-42EB-AE2A-64D8ADB52211} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {CA9B6304-F9D0-4CD8-8795-195BA6B71B45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CBE3C887-0234-4EA7-AE9A-7E22F9F2983C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D192F2CE-6C2E-4245-82F9-D9441F56E6C2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D6C53E4D-4A1F-462B-A9CB-AFCF96F419AF} - System32\Tasks\avastBCLRestartS-1-5-21-1702488835-1983202832-4074137989-1001 => Firefox.exe
Task: {DE4A91E6-8380-4AE9-AC5F-4775F3D9E5BC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E2998301-C997-4304-B296-85E760F01E10} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {E53F24DE-2A42-4748-ABBA-57E33C47012B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E897ACDC-72BD-41F7-84F6-BED04469039F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E8C19607-E8B5-4DE9-8B23-C08E2AA0B1E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {ED764F08-434F-47C8-9F3C-5F6929DA7934} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {F2045078-5CC5-44FE-A7CD-83F549CCCAC5} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {F40FA315-4B44-48B8-A511-34E818B16087} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FFB1792F-ACDA-43C2-946E-4E09461FF000} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Golfstar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Ballduck\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Golfstar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Ballduck\Application\chrome.exe (Google Inc.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-15 08:39 - 2017-03-04 07:31 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-12 00:54 - 2013-06-28 16:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-09-04 22:40 - 2016-06-14 22:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-03-15 08:39 - 2017-03-04 05:19 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 08:39 - 2017-03-04 05:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-11 20:25 - 2017-03-28 07:01 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 20:25 - 2017-03-28 07:04 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-27 08:15 - 2016-04-27 08:15 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-23 10:42 - 2016-07-23 10:42 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-23 10:03 - 2016-11-14 13:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-21 20:20 - 2017-02-19 10:22 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2017-04-04 19:20 - 2017-04-04 19:20 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-26 19:23 - 2016-09-26 19:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-04 19:20 - 2017-04-04 19:20 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-04 19:20 - 2017-04-04 19:20 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-04 19:20 - 2017-04-04 19:20 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-17 20:22 - 2017-02-01 11:01 - 01870168 _____ () C:\Program Files (x86)\Ballduck\Application\libglesv2.dll
2017-03-17 20:22 - 2017-02-01 11:01 - 00085848 _____ () C:\Program Files (x86)\Ballduck\Application\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Golfstar\Desktop\Fotograf_oponentura_Neználek Rob.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Historik_po oponenturách 2-Rob.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Odborka_Ježíšův učedník-definitiva.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Odborka_Poutník_za_ pravdou-definitiva.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Odborka_Znalec_krestan-tradic a bohosluzby-definitiva.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Plavec-připomínky-Smurf Rob.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Skautský historik_po oponentuře 2 Rob.doc:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-04 23:50 - 2016-09-04 23:51 - 00001305 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Golfstar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Golfstar\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{5F40314D-7EA2-40E2-B3A9-D06851200A1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8DD743E3-8F24-4E16-80EB-C3D942192C56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95C4440B-BED8-413C-9A87-0E9062838982}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{879E121C-F5B0-4497-A72C-AC50C4D1E0C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC441F0B-8E7B-4A91-9441-8AB2B1475C12}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{F81C4976-F08A-4499-AAE7-005DB2494C0B}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{97B8823E-7902-45F7-A06E-FC13F752600B}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{6AFC7242-E8DC-4D81-B1E4-55E466BAB76F}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{148502C5-7BD8-460E-BF01-C92FBED0CD5F}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{09624E5E-1598-4332-B908-B7C26146B6DA}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{1091B4A5-7A93-471E-A531-14DC3646477B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{10B05572-80A5-4E5A-B5A2-FE8C638BDF3B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{074C047D-FC44-466B-8B56-C4CB0E23EF31}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{83366DAE-DD50-44BF-BDA7-05462ACD0740}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{FD22A214-7007-444D-AF46-1006B17EEEA5}] => (Allow) C:\Users\Golfstar\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{1BD5A653-5DE7-4138-96B8-752DD744FC45}] => (Allow) C:\Users\Golfstar\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{88566DB5-CB15-4113-9F8D-1B836527F969}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{CC61022C-F455-4A49-8BC0-63435A27C53F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{17658538-7306-4856-AA3D-E8786B005C70}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{D87C97A7-8587-4F47-8D75-58A0654A12DC}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{A6406223-90A2-49D6-BACC-5AF2BA668F3B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A446DAFA-0C04-44F0-B9D7-54F216F8BA8E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4BCBEEF8-4379-4731-96C0-8761BC795229}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{D65D6BBC-CA7C-468B-8E43-1515908E5714}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{D0C2102F-47FC-4D3F-892A-1679665716FD}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{CF1CE978-2BD8-4D28-B35E-524FACB115A7}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{9C5301F0-14E1-4A9C-AEFD-58A8D4F1FEED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F2CD24F-EB93-420B-9E48-C73095C0B4E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{9BD45D29-C7E5-4EAF-89BD-DD09B279C14C}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Block) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{DAF6837D-9B69-4F34-BFB3-FF3238808320}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Block) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{D5580A2E-9275-4441-AE33-E7B5A44A73B5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{88D825FB-61E0-4C0C-B4B0-14D6099F9B59}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0BB3DD57-BEA7-409D-9207-F9CE4806C61F}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\S.K.I.L.L\Binaries\Win32\sf2.exe
FirewallRules: [{94A400EF-77F5-4EB1-9BF5-125EB64B4460}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\S.K.I.L.L\Binaries\Win32\sf2.exe
FirewallRules: [{4CC3E25E-4D64-4746-A65A-CC63646081A3}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [UDP Query User{8EEABDE4-8AE9-4A61-A121-1EBA5B7CD466}C:\users\golfstar\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\golfstar\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{77428CDA-1B5D-48BB-977E-6E2406BD7042}C:\users\golfstar\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\golfstar\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1408C129-BF8E-472B-A935-B993C5570F9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C5CB880-B2B6-4BF2-AAB2-A844EE96C40B}] => (Allow) C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6D11B4DE-51DB-4E1A-BB63-A7EAA50BFB3C}] => (Allow) C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8B805305-EE58-4A7A-A21D-5B2E8E69D006}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{91204E13-A122-42CB-865A-7716B615ACD5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{D8A94AC4-0374-46C2-B469-8F03BBF6B53E}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{3C5829D9-3E81-4E27-B55B-EE83A40E9443}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{BFA072F4-30B2-452B-AE75-FE4AEF4911CB}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{821060F5-9E41-435F-8259-0481B0E9CB1A}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{32DAE3F3-AAE2-4CAD-B228-FB84BACB3053}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{C99281C3-B306-4F89-B141-370FDC975970}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{F17FEA22-420F-4BB8-8606-BF643899EED2}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{80EA73E5-5E84-4430-AB51-2EF40B9B75B6}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{F9A313C9-E9BB-4F16-A983-BECFB4E3685C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{AB3265CB-46BF-47FB-9411-3F6834FAFF5D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C45C517B-E064-43EC-81CD-5D192391E0A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0698AEB3-8857-4FA2-8D1B-009BAA1A2C92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7B08F3F5-7158-46FA-A0C0-FBAB85A324C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5924DDB8-55AA-4100-A1A5-36B323FB541E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4648FBD4-370B-4A36-B0E2-5BF9510D6C44}] => (Allow) C:\Hry\WarThunder\run.exe
FirewallRules: [{B2B3DC6F-33FD-4497-8A3A-FCB4D6D6D543}] => (Allow) C:\Hry\WarThunder\run.exe
FirewallRules: [{0C3C6FD3-793D-4ECD-90AB-2E181526EB0B}] => (Allow) LPort=80
FirewallRules: [{32E95327-A1F9-40CA-A5CB-BE755386E5B0}] => (Allow) LPort=443
FirewallRules: [{48EC70E6-BF81-4570-948B-E35E6D924386}] => (Allow) LPort=20010
FirewallRules: [{AC62C566-A783-45A4-80D9-57F3BC0001FC}] => (Allow) LPort=3478
FirewallRules: [{F17944BD-8336-4250-AB2F-9FAC54F58CDB}] => (Allow) LPort=7850
FirewallRules: [{8300C4B9-8EC2-43DE-A760-B85A85C8F03C}] => (Allow) LPort=7852
FirewallRules: [{BAE68FCA-C985-487A-ABC8-022AB0EABCD5}] => (Allow) LPort=7853
FirewallRules: [{3FD84B3C-92FA-459D-B9B2-F9D1D4F42541}] => (Allow) LPort=27022
FirewallRules: [{4CE2B0F9-82DA-483C-B6DA-A9E2074F6C69}] => (Allow) LPort=6881
FirewallRules: [{F6B0AE0B-22E4-4B3D-82E1-AD470A0D3EA2}] => (Allow) LPort=33333
FirewallRules: [{113407A7-43A5-4544-9443-D27AE39BCFE3}] => (Allow) LPort=20443
FirewallRules: [{97374C6D-2B12-40C5-962E-F3067A8804B9}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{34AC58FC-F38D-4E0F-8671-946D6111DA62}C:\hry\warthunder\win64\aces.exe] => (Block) C:\hry\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{FCC0F02D-5017-49B3-8EFF-36F00C089953}C:\hry\warthunder\win64\aces.exe] => (Block) C:\hry\warthunder\win64\aces.exe
FirewallRules: [{09E5C13B-C2A3-4A15-B21C-1AAF9F5A1931}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{B1AC82C5-2BA4-4D7B-82AB-7862FFAB2EC6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{B4057743-F6B8-4DDB-9128-6C0511197398}] => (Allow) C:\Program Files (x86)\Ballduck\Application\chrome.exe
FirewallRules: [{4D1F44E0-AE2A-4EF2-B238-352B4F161776}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{20FE4D0D-3C8F-469B-91C3-A4049A72BB86}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{272BF586-ACC4-479E-9B33-584AA0E96F3E}] => (Allow) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
FirewallRules: [{280CCEF0-8DCC-4B07-97A8-077084540CD3}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{FACF7159-EF9E-466C-B166-DDC4DEEE4B65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{22C6373D-779A-4F87-B1F3-95D620336247}] => (Allow) C:\Program Files (x86)\MIO\loader\wdcxwd10eads-00m2b0_wd-wcav5494550345503.dat
FirewallRules: [{A0777183-AEAA-4324-BE10-072054CBB63B}] => (Allow) C:\Program Files (x86)\MIO\loader\wdcxwd10eads-00m2b0_wd-wcav5494550345503.dat

==================== Restore Points =========================

06-04-2017 08:13:02 Naplánovaný kontrolní bod
11-04-2017 20:56:42 Windows Update
12-04-2017 19:02:09 JRT Pre-Junkware Removal
13-04-2017 23:26:08 JRT Pre-Junkware Removal
15-04-2017 00:17:53 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2017 12:18:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (04/15/2017 12:17:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.


Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis

Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {90353b78-bb96-46c1-8c70-0c891655d545}

Error: (04/14/2017 11:50:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program UFO.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 12bc

Čas spuštění: 01d2b5659da9b36f

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\CENEGA\UFO Aftermath\UFO.exe

ID hlášení: 6c3bfa49-215c-11e7-802d-002421e462e3

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/14/2017 11:25:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program UFO.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: d08

Čas spuštění: 01d2b5655ecb698f

Čas ukončení: 35

Cesta k aplikaci: C:\Program Files (x86)\CENEGA\UFO Aftermath\UFO.exe

ID hlášení: d5e74da1-2158-11e7-802d-002421e462e3

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/14/2017 11:23:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program UFO.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1600

Čas spuštění: 01d2b5653070a479

Čas ukončení: 39

Cesta k aplikaci: C:\Program Files (x86)\CENEGA\UFO Aftermath\UFO.exe

ID hlášení: 94c29c22-2158-11e7-802d-002421e462e3

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/14/2017 11:22:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program UFO.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1008

Čas spuštění: 01d2b564bd5f8a03

Čas ukončení: 37

Cesta k aplikaci: C:\Program Files (x86)\CENEGA\UFO Aftermath\UFO.exe

ID hlášení: 64b55e6b-2158-11e7-802d-002421e462e3

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/14/2017 09:48:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: NvStreamUserAgent.exe, verze: 7.1.2084.9592, časové razítko: 0x57605c64
Název chybujícího modulu: ntdll.dll, verze: 10.0.10586.672, časové razítko: 0x580ee321
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002e909
ID chybujícího procesu: 0x118c
Čas spuštění chybující aplikace: 0x01d2b5581fa80d7a
Cesta k chybující aplikaci: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 7408813a-a58b-481a-acdd-bd185b8585af
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/14/2017 09:32:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll se nezdařilo.
Závislé sestavení Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/14/2017 09:32:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll se nezdařilo.
Závislé sestavení Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/14/2017 09:32:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll se nezdařilo.
Závislé sestavení Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.


System errors:
=============
Error: (04/15/2017 12:18:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:13:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (04/15/2017 12:13:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba VMnetBridge neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (04/15/2017 12:11:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_83c843 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Origin Web Helper Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Řízení front zpráv byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2017-04-11 21:51:44.595
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-06 23:37:06.530
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTcli.exe that did not meet the Microsoft signing level requirements.

Date: 2017-03-30 06:56:32.071
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 18:08:42.263
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-18 07:06:09.150
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-18 06:23:12.774
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-18 06:23:12.643
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-18 00:37:36.324
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-17 22:18:33.505
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-17 22:16:10.706
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 24%
Total physical RAM: 8183.11 MB
Available physical RAM: 6214.96 MB
Total Virtual: 16375.11 MB
Available Virtual: 14384.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:642.67 GB) NTFS
Drive d: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (KRD10) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS
Drive f: (Zaloha) (Fixed) (Total:111.8 GB) (Free:11.2 GB) NTFS
Drive g: (201007251918) (CDROM) (Total:1.13 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7A0FD819)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 1D551D54)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Zdravím!
Ještě potřebuji vidět log z FRST. Toto je pouze Additional. Děkuji.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ATTENTION: ====> FRSTversion is 31 days old and could be outdated)
Ran by Golfstar (administrator) on GOLFSTAR1 (15-04-2017 00:37:12)
Running from C:\Users\Golfstar\Desktop
Loaded Profiles: Golfstar (Available Profiles: Golfstar & Bíba)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(forum.viry.cz) C:\Users\Golfstar\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2015-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Providers\0agqzdpi: C:\Program Files (x86)\Ranient Host\local64spl.dll
ShellExecuteHooks: No Name - {06BF8910-FD96-11E6-8F65-64006A5CFC23} - C:\Program Files (x86)\Votyphalury\Nacerph.dll -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2017-04-12]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (No File)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{2a80756e-0938-4e11-99d0-0754bab631cf}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{71c2fb54-53e8-4da4-bf47-85d8ac52238d}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> {4E739F84-3E81-4553-A622-9A839958943C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-12] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... J10XC18949

FireFox:
========
FF ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756 [2017-04-13]
FF Extension: (Disable Prefetch) - C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\features\{0b819a28-c59a-46e0-8f69-ea58ef041fba}\disable-prefetch@mozilla.org.xpi [2017-04-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Golfstar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.google.com/
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-12] <==== ATTENTION
CHR Extension: (Dokumenty Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Vyhledávání Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Avast SafePrice) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-24]
CHR Extension: (Avast Online Security) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-03-28] (BitRaider, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-19] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-19] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-03-28] (BitRaider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-05] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 00:37 - 2017-04-15 00:37 - 00019841 _____ C:\Users\Golfstar\Desktop\FRST.txt
2017-04-15 00:35 - 2017-04-15 00:37 - 00000000 ____D C:\FRST
2017-04-15 00:35 - 2017-04-15 00:35 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-15 00:33 - 2017-04-15 00:35 - 00112640 _____ (forum.viry.cz) C:\Users\Golfstar\Desktop\FRSTLauncher.exe
2017-04-15 00:29 - 2017-04-15 00:35 - 02424832 _____ (Farbar) C:\Users\Golfstar\Desktop\FRST64.exe
2017-04-15 00:01 - 2017-04-15 00:01 - 00001031 _____ C:\Users\Golfstar\Desktop\RegCleaner.lnk
2017-04-15 00:01 - 2017-04-15 00:01 - 00000000 ____D C:\Program Files (x86)\RegCleaner
2017-04-12 19:11 - 2017-04-15 00:11 - 00000000 ____D C:\AdwCleaner
2017-04-12 19:11 - 2017-04-12 19:11 - 04089296 _____ C:\Users\Golfstar\Downloads\adwcleaner_6.045.exe
2017-04-12 19:03 - 2017-04-15 00:20 - 00000555 _____ C:\Users\Golfstar\Desktop\JRT.txt
2017-04-11 21:43 - 2017-04-11 21:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(2).exe
2017-04-11 21:04 - 2017-04-11 21:04 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-11 20:26 - 2017-03-28 10:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 20:26 - 2017-03-28 10:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 20:26 - 2017-03-28 09:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:26 - 2017-03-28 09:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-11 20:26 - 2017-03-28 09:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-11 20:26 - 2017-03-28 09:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 20:26 - 2017-03-28 09:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 20:26 - 2017-03-28 09:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-11 20:26 - 2017-03-28 08:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 20:26 - 2017-03-28 08:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 20:26 - 2017-03-28 08:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 20:26 - 2017-03-28 08:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 20:26 - 2017-03-28 08:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-11 20:26 - 2017-03-28 07:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 20:26 - 2017-03-28 07:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 20:26 - 2017-03-28 07:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-11 20:26 - 2017-03-28 07:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:26 - 2017-03-28 07:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-11 20:26 - 2017-03-28 07:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 20:26 - 2017-03-28 07:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-11 20:26 - 2017-03-28 07:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-11 20:26 - 2017-03-28 07:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 20:26 - 2017-03-28 07:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 20:26 - 2017-03-28 07:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 20:26 - 2017-03-28 07:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 20:26 - 2017-03-28 06:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-11 20:26 - 2017-03-28 06:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-11 20:26 - 2017-03-28 06:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 20:26 - 2017-03-28 06:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 20:26 - 2017-03-18 18:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 12:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-11 20:25 - 2017-03-28 12:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 20:25 - 2017-03-28 11:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-11 20:25 - 2017-03-28 11:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:25 - 2017-03-28 11:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-11 20:25 - 2017-03-28 11:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 20:25 - 2017-03-28 11:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-11 20:25 - 2017-03-28 10:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 20:25 - 2017-03-28 10:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 20:25 - 2017-03-28 10:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 10:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 20:25 - 2017-03-28 10:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 20:25 - 2017-03-28 10:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 20:25 - 2017-03-28 09:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 09:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 09:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 20:25 - 2017-03-28 09:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 09:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 20:25 - 2017-03-28 09:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-11 20:25 - 2017-03-28 09:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 20:25 - 2017-03-28 09:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 09:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 20:25 - 2017-03-28 09:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 20:25 - 2017-03-28 09:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-11 20:25 - 2017-03-28 09:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 09:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 09:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:25 - 2017-03-28 08:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-11 20:25 - 2017-03-28 08:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 20:25 - 2017-03-28 08:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 20:25 - 2017-03-28 08:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 08:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 08:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 20:25 - 2017-03-28 08:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 08:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-11 20:25 - 2017-03-28 08:42 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2017-04-11 20:25 - 2017-03-28 08:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 20:25 - 2017-03-28 08:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-11 20:25 - 2017-03-28 08:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 08:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 20:25 - 2017-03-28 08:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 20:25 - 2017-03-28 08:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 20:25 - 2017-03-28 08:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-11 20:25 - 2017-03-28 07:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 07:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 07:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 20:25 - 2017-03-28 07:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 07:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 07:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-11 20:25 - 2017-03-28 07:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-11 20:25 - 2017-03-28 07:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 07:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 07:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 20:25 - 2017-03-28 07:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 20:25 - 2017-03-28 07:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 20:25 - 2017-03-28 06:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-11 20:25 - 2017-03-28 06:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 20:25 - 2017-03-28 06:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 20:25 - 2017-03-21 03:36 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-04-11 20:25 - 2017-03-18 22:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 20:24 - 2017-03-28 12:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 20:24 - 2017-03-28 12:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 20:24 - 2017-03-28 12:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-11 20:24 - 2017-03-28 11:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-11 20:24 - 2017-03-28 11:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 20:24 - 2017-03-28 11:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-11 20:24 - 2017-03-28 11:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-11 20:24 - 2017-03-28 11:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-11 20:24 - 2017-03-28 10:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 20:24 - 2017-03-28 10:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 20:24 - 2017-03-28 10:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 20:24 - 2017-03-28 10:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 20:24 - 2017-03-28 10:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-11 20:24 - 2017-03-28 09:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-11 20:24 - 2017-03-28 09:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 20:24 - 2017-03-28 09:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 20:24 - 2017-03-28 09:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 20:24 - 2017-03-28 09:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 09:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-11 20:24 - 2017-03-28 09:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 20:24 - 2017-03-28 09:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-11 20:24 - 2017-03-28 09:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 20:24 - 2017-03-28 09:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 20:24 - 2017-03-28 09:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 20:24 - 2017-03-28 09:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 20:24 - 2017-03-28 08:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-11 20:24 - 2017-03-28 08:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-11 20:24 - 2017-03-28 08:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 20:24 - 2017-03-28 08:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-11 20:24 - 2017-03-28 08:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 20:24 - 2017-03-28 08:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 20:24 - 2017-03-28 08:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 07:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-11 20:24 - 2017-03-28 07:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-11 20:24 - 2017-03-28 07:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-08 19:26 - 2017-04-08 19:26 - 00645990 _____ C:\Users\Golfstar\Documents\Souhlas Mačeta.pdf
2017-04-08 19:25 - 2017-04-08 19:25 - 00672790 _____ C:\Users\Golfstar\Documents\Souhlas Azimut.pdf
2017-04-08 19:18 - 2017-04-08 19:18 - 00580455 _____ C:\Users\Golfstar\Documents\Souhlas Robin.pdf
2017-04-08 19:09 - 2017-04-08 19:09 - 01061427 _____ C:\Users\Golfstar\Downloads\ZkracenyVypis_1585.pdf
2017-04-08 13:25 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace (1).pdf
2017-04-08 13:24 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace.pdf
2017-04-08 13:15 - 2017-04-08 13:15 - 01576714 _____ C:\Users\Golfstar\Downloads\SouhlasyKandidatu_1585.zip
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default\AppData\Local\AMD
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-12 00:08 - 00000000 ____D C:\Users\Golfstar\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-07 07:45 - 00000000 ____D C:\Update
2017-04-07 07:43 - 2017-04-10 20:00 - 00000000 ____D C:\Program Files\MK
2017-04-07 07:43 - 2017-04-07 10:41 - 00000000 ____D C:\Program Files (x86)\{D00F2D36-EBED-4E47-9EBE-596D00DB7668}
2017-04-06 23:37 - 2017-04-06 23:37 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-04-06 23:34 - 2017-04-06 23:35 - 164764280 _____ (Sophos Limited) C:\Users\Golfstar\Downloads\Sophos Virus Removal Tool (1).exe
2017-04-06 23:32 - 2017-04-06 23:32 - 00000000 ____D C:\ProgramData\Sophos
2017-04-06 23:30 - 2017-04-12 19:01 - 01663904 _____ (Malwarebytes) C:\Users\Golfstar\Downloads\JRT.exe
2017-04-06 22:14 - 2017-04-06 22:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-06 22:12 - 2017-04-06 22:22 - 00136962 _____ C:\WINDOWS\ntbtlog.txt
2017-04-04 19:20 - 2017-04-04 19:20 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-04-03 20:45 - 2017-04-03 21:38 - 471699570 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E16.cz.tit..avi
2017-04-01 15:13 - 2017-04-01 15:13 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-29 21:00 - 2017-03-29 21:18 - 334823390 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E15.cz.tit..avi
2017-03-29 19:44 - 2017-03-29 20:04 - 356193958 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E14.cz.tit..avi
2017-03-29 19:13 - 2017-03-29 19:43 - 524679426 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E13.cz.tit..avi
2017-03-28 21:45 - 2017-03-28 22:16 - 527046222 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E12.cz.tit..avi
2017-03-28 21:11 - 2017-03-28 21:35 - 408304714 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E11.cz.tit..avi
2017-03-27 23:03 - 2017-03-27 23:38 - 626845494 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E10.cz.tit..avi
2017-03-27 22:38 - 2017-03-27 22:59 - 314294272 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E09.cz-tit.avi
2017-03-19 18:55 - 2017-03-19 18:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(1).exe
2017-03-17 20:22 - 2017-04-12 19:17 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-17 20:22 - 2017-03-17 20:22 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Program Files (x86)\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-17 20:21 - 2017-03-17 20:21 - 00000000 ____D C:\Program Files (x86)\58CC2944_cacayima

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 00:13 - 2016-07-23 10:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-15 00:13 - 2016-04-27 08:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-15 00:13 - 2015-06-18 06:31 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job
2017-04-15 00:12 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-04-14 23:05 - 2016-07-23 13:18 - 00002439 _____ C:\Users\Golfstar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 23:05 - 2016-07-23 13:18 - 00000000 ___RD C:\Users\Golfstar\OneDrive
2017-04-14 22:27 - 2014-09-22 13:21 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job
2017-04-14 21:55 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-14 09:29 - 2014-09-02 18:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Skype
2017-04-13 23:34 - 2015-02-06 12:11 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2
2017-04-13 23:32 - 2014-08-28 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-13 23:23 - 2016-11-19 00:10 - 00000000 ____D C:\Users\Golfstar\AppData\LocalLow\Mozilla
2017-04-13 23:20 - 2014-09-22 13:21 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job
2017-04-13 23:18 - 2016-07-23 10:28 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 23:18 - 2015-11-10 07:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 23:18 - 2014-12-22 14:16 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-13 14:42 - 2015-06-18 06:31 - 00000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job
2017-04-13 07:08 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-13 07:02 - 2016-11-19 08:43 - 00000000 ____D C:\Users\Bíba\AppData\LocalLow\Mozilla
2017-04-12 19:28 - 2017-03-10 09:32 - 00000000 ____D C:\Users\Golfstar\Downloads\backups
2017-04-12 19:23 - 2017-03-09 23:43 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\Kyubey
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Kyubey
2017-04-12 07:12 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-12 04:26 - 2016-04-27 09:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-12 00:08 - 2014-12-22 14:16 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-11 22:29 - 2014-08-29 00:16 - 00000000 ____D C:\ProgramData\Turbine
2017-04-11 22:29 - 2014-08-29 00:15 - 00000000 ____D C:\ProgramData\HappyCloud
2017-04-11 22:27 - 2014-08-30 23:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-11 22:26 - 2016-09-04 21:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-04-11 22:25 - 2016-07-23 10:28 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 22:25 - 2016-07-23 10:28 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 21:49 - 2016-04-26 23:46 - 04780000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-11 21:46 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2017-04-11 21:41 - 2016-09-09 00:12 - 00000000 ____D C:\Users\Golfstar\AppData\Local\CrashDumps
2017-04-11 21:41 - 2015-01-17 21:25 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-11 21:04 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-11 21:04 - 2014-08-28 00:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 21:04 - 2014-08-28 00:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 19:42 - 2017-02-06 09:57 - 00000000 ____D C:\Users\Bíba\AppData\Local\CrashDumps
2017-04-11 15:02 - 2016-07-23 10:28 - 00004592 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-11 14:02 - 2016-12-23 00:44 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-08 00:40 - 2016-06-05 01:10 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Battle.net
2017-04-07 22:10 - 2016-06-05 01:12 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-04-07 21:50 - 2016-06-05 01:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-05 08:19 - 2016-07-23 10:07 - 02039786 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-05 08:19 - 2016-04-27 08:11 - 00843726 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-05 08:19 - 2016-04-27 08:11 - 00192740 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-05 08:13 - 2016-07-23 10:28 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458712455
2017-04-05 08:13 - 2016-03-23 07:54 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-04 19:20 - 2017-03-09 23:43 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-04-04 19:20 - 2016-03-23 07:53 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-04 11:41 - 2016-11-12 00:54 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-04-01 21:05 - 2015-10-30 09:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 21:05 - 2015-10-30 09:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-01 15:13 - 2016-07-23 10:59 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-31 01:13 - 2016-07-23 10:28 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1423217291
2017-03-31 01:13 - 2015-02-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-31 01:13 - 2015-02-06 12:07 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-28 11:15 - 2016-04-27 08:52 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-23 12:49 - 2016-11-12 08:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Canon
2017-03-19 10:54 - 2016-07-22 21:51 - 00000000 ____D C:\Users\Golfstar\AppData\Roaming\Andy
2017-03-18 23:49 - 2015-03-07 14:20 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2017-03-18 23:48 - 2015-03-07 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2017-03-18 23:46 - 2016-07-23 13:13 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Packages
2017-03-18 23:46 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-18 23:38 - 2015-01-02 12:49 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-03-17 20:22 - 2015-10-29 23:06 - 00000000 ____D C:\ProgramData\Apple
2017-03-17 20:22 - 2014-08-28 21:22 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-17 20:21 - 2017-03-07 13:42 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-17 08:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

==================== Files in the root of some directories =======

2016-09-02 00:12 - 2016-09-02 00:12 - 0001907 _____ () C:\Users\Golfstar\AppData\Local\recently-used.xbel
2016-09-04 22:31 - 2016-09-04 22:31 - 0000017 _____ () C:\Users\Golfstar\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-03-18 23:42 - 2016-07-21 22:32 - 0949784 _____ (BlueStack Systems, Inc.) C:\Users\Golfstar\AppData\Local\Temp\BluestacksUninstaller.exe
2017-04-11 22:29 - 2013-11-12 17:48 - 0692632 _____ (Happy Cloud, Inc.) C:\Users\Golfstar\AppData\Local\Temp\hcuninstaller_20170411_222929_4428.exe
2017-03-18 23:42 - 2016-07-21 22:31 - 0187416 _____ (BlueStack Systems) C:\Users\Golfstar\AppData\Local\Temp\HD-LibraryHandler.dll
2017-03-18 23:42 - 2016-07-21 22:29 - 0246808 _____ (BlueStack Systems) C:\Users\Golfstar\AppData\Local\Temp\HD-Logger-Native.dll
2016-10-28 02:49 - 2016-10-28 02:49 - 0737856 _____ (Oracle Corporation) C:\Users\Golfstar\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-03-12 10:12 - 2017-03-12 10:12 - 0739904 _____ (Oracle Corporation) C:\Users\Golfstar\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-11-12 00:39 - 2015-01-19 19:48 - 1126480 ____N (CANON INC.) C:\Users\Golfstar\AppData\Local\Temp\MSETUP4.EXE
2014-08-28 22:51 - 2014-07-02 19:44 - 1214048 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvSCPAPI.dll
2014-08-28 22:51 - 2014-07-02 19:44 - 1398936 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvSCPAPI64.dll
2016-09-04 22:37 - 2014-07-02 19:44 - 0826712 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvStInst.exe
2017-03-19 10:53 - 2016-07-19 22:14 - 1328792 _____ (Andy OS, inc.) C:\Users\Golfstar\AppData\Local\Temp\RemoveTemp.exe
2017-03-15 21:20 - 2017-03-15 21:20 - 14456872 _____ (Microsoft Corporation) C:\Users\Golfstar\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Golfstar\Desktop" je 440 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface
"C:\Users\Golfstar\AppData\Local\Akamai\netsession_win.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
C:\Program Files (x86)\BlueStacks\HD-Agent.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update
"C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay
C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk
C:\PROGRA~1\Andy\HANDYA~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Golfstar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\Dropbox.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001


==================== End Of Log ==============================

Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v6.045 - Log vytvořen 16/04/2017 v 12:26:17
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-04-16.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Golfstar - GOLFSTAR1
# Spuštěno z : C:\Users\Golfstar\Downloads\adwcleaner_6.045.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****

[-] [C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Smazáno: hxxp://www.ourluckysites.com/searchfavicon.ico


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5031 Bajty] - [12/04/2017 19:17:28]
C:\AdwCleaner\AdwCleaner[C2].txt - [5709 Bajty] - [13/04/2017 23:19:12]
C:\AdwCleaner\AdwCleaner[C3].txt - [1606 Bajty] - [15/04/2017 00:11:50]
C:\AdwCleaner\AdwCleaner[C4].txt - [1690 Bajty] - [16/04/2017 02:51:03]
C:\AdwCleaner\AdwCleaner[C5].txt - [1244 Bajty] - [16/04/2017 12:26:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [4805 Bajty] - [12/04/2017 19:14:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [1519 Bajty] - [12/04/2017 19:31:16]
C:\AdwCleaner\AdwCleaner[S2].txt - [8001 Bajty] - [13/04/2017 23:18:07]
C:\AdwCleaner\AdwCleaner[S3].txt - [1855 Bajty] - [15/04/2017 00:11:24]
C:\AdwCleaner\AdwCleaner[S4].txt - [1989 Bajty] - [16/04/2017 02:50:50]
C:\AdwCleaner\AdwCleaner[S5].txt - [2133 Bajty] - [16/04/2017 12:26:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1755 Bajty] ##########

Dejte nový log FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ATTENTION: ====> FRSTversion is 32 days old and could be outdated)
Ran by Golfstar (administrator) on GOLFSTAR1 (16-04-2017 13:26:10)
Running from C:\Users\Golfstar\Desktop
Loaded Profiles: Golfstar (Available Profiles: Golfstar & Bíba)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2015-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Providers\0agqzdpi: C:\Program Files (x86)\Ranient Host\local64spl.dll
ShellExecuteHooks: No Name - {06BF8910-FD96-11E6-8F65-64006A5CFC23} - C:\Program Files (x86)\Votyphalury\Nacerph.dll -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2017-04-12]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (No File)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{2a80756e-0938-4e11-99d0-0754bab631cf}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{71c2fb54-53e8-4da4-bf47-85d8ac52238d}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> {4E739F84-3E81-4553-A622-9A839958943C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-12] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... J10XC18949

FireFox:
========
FF ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756 [2017-04-13]
FF Extension: (Disable Prefetch) - C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\features\{0b819a28-c59a-46e0-8f69-ea58ef041fba}\disable-prefetch@mozilla.org.xpi [2017-04-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Golfstar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.google.com/
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-12] <==== ATTENTION
CHR Extension: (Dokumenty Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Vyhledávání Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Avast SafePrice) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-24]
CHR Extension: (Avast Online Security) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-03-28] (BitRaider, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-19] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-19] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-03-28] (BitRaider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-05] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 01:46 - 2017-04-16 13:26 - 00020279 _____ C:\Users\Golfstar\Desktop\FRST.txt
2017-04-15 00:39 - 2017-04-15 00:39 - 00058707 _____ C:\Users\Golfstar\Desktop\FRST3.txt
2017-04-15 00:38 - 2017-04-15 00:39 - 00053301 _____ C:\Users\Golfstar\Desktop\Addition.txt
2017-04-15 00:35 - 2017-04-16 13:26 - 00000000 ____D C:\FRST
2017-04-15 00:29 - 2017-04-15 00:35 - 02424832 _____ (Farbar) C:\Users\Golfstar\Desktop\FRST64.exe
2017-04-15 00:01 - 2017-04-15 00:01 - 00001031 _____ C:\Users\Golfstar\Desktop\RegCleaner.lnk
2017-04-15 00:01 - 2017-04-15 00:01 - 00000000 ____D C:\Program Files (x86)\RegCleaner
2017-04-12 19:11 - 2017-04-16 12:26 - 00000000 ____D C:\AdwCleaner
2017-04-12 19:11 - 2017-04-12 19:11 - 04089296 _____ C:\Users\Golfstar\Desktop\adwcleaner_6.045.exe
2017-04-12 19:03 - 2017-04-15 00:20 - 00000555 _____ C:\Users\Golfstar\Desktop\JRT.txt
2017-04-11 21:43 - 2017-04-11 21:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(2).exe
2017-04-11 21:04 - 2017-04-11 21:04 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-11 20:26 - 2017-03-28 10:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 20:26 - 2017-03-28 10:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 20:26 - 2017-03-28 09:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:26 - 2017-03-28 09:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-11 20:26 - 2017-03-28 09:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-11 20:26 - 2017-03-28 09:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 20:26 - 2017-03-28 09:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 20:26 - 2017-03-28 09:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-11 20:26 - 2017-03-28 08:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 20:26 - 2017-03-28 08:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 20:26 - 2017-03-28 08:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 20:26 - 2017-03-28 08:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 20:26 - 2017-03-28 08:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-11 20:26 - 2017-03-28 07:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 20:26 - 2017-03-28 07:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 20:26 - 2017-03-28 07:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-11 20:26 - 2017-03-28 07:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:26 - 2017-03-28 07:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-11 20:26 - 2017-03-28 07:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 20:26 - 2017-03-28 07:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-11 20:26 - 2017-03-28 07:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-11 20:26 - 2017-03-28 07:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 20:26 - 2017-03-28 07:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 20:26 - 2017-03-28 07:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 20:26 - 2017-03-28 07:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 20:26 - 2017-03-28 06:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-11 20:26 - 2017-03-28 06:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-11 20:26 - 2017-03-28 06:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 20:26 - 2017-03-28 06:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 20:26 - 2017-03-18 18:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 12:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-11 20:25 - 2017-03-28 12:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 20:25 - 2017-03-28 11:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-11 20:25 - 2017-03-28 11:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:25 - 2017-03-28 11:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-11 20:25 - 2017-03-28 11:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 20:25 - 2017-03-28 11:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-11 20:25 - 2017-03-28 10:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 20:25 - 2017-03-28 10:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 20:25 - 2017-03-28 10:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 10:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 20:25 - 2017-03-28 10:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 20:25 - 2017-03-28 10:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 20:25 - 2017-03-28 09:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 09:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 09:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 20:25 - 2017-03-28 09:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 09:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 20:25 - 2017-03-28 09:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-11 20:25 - 2017-03-28 09:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 20:25 - 2017-03-28 09:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 09:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 20:25 - 2017-03-28 09:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 20:25 - 2017-03-28 09:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-11 20:25 - 2017-03-28 09:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 09:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 09:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:25 - 2017-03-28 08:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-11 20:25 - 2017-03-28 08:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 20:25 - 2017-03-28 08:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 20:25 - 2017-03-28 08:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 08:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 08:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 20:25 - 2017-03-28 08:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 08:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-11 20:25 - 2017-03-28 08:42 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2017-04-11 20:25 - 2017-03-28 08:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 20:25 - 2017-03-28 08:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-11 20:25 - 2017-03-28 08:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 08:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 20:25 - 2017-03-28 08:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 20:25 - 2017-03-28 08:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 20:25 - 2017-03-28 08:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-11 20:25 - 2017-03-28 07:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 07:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 07:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 20:25 - 2017-03-28 07:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 07:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 07:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-11 20:25 - 2017-03-28 07:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-11 20:25 - 2017-03-28 07:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 07:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 07:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 20:25 - 2017-03-28 07:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 20:25 - 2017-03-28 07:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 20:25 - 2017-03-28 06:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-11 20:25 - 2017-03-28 06:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 20:25 - 2017-03-28 06:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 20:25 - 2017-03-21 03:36 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-04-11 20:25 - 2017-03-18 22:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 20:24 - 2017-03-28 12:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 20:24 - 2017-03-28 12:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 20:24 - 2017-03-28 12:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-11 20:24 - 2017-03-28 11:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-11 20:24 - 2017-03-28 11:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 20:24 - 2017-03-28 11:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-11 20:24 - 2017-03-28 11:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-11 20:24 - 2017-03-28 11:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-11 20:24 - 2017-03-28 10:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 20:24 - 2017-03-28 10:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 20:24 - 2017-03-28 10:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 20:24 - 2017-03-28 10:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 20:24 - 2017-03-28 10:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-11 20:24 - 2017-03-28 09:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-11 20:24 - 2017-03-28 09:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 20:24 - 2017-03-28 09:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 20:24 - 2017-03-28 09:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 20:24 - 2017-03-28 09:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 09:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-11 20:24 - 2017-03-28 09:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 20:24 - 2017-03-28 09:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-11 20:24 - 2017-03-28 09:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 20:24 - 2017-03-28 09:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 20:24 - 2017-03-28 09:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 20:24 - 2017-03-28 09:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 20:24 - 2017-03-28 08:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-11 20:24 - 2017-03-28 08:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-11 20:24 - 2017-03-28 08:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 20:24 - 2017-03-28 08:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-11 20:24 - 2017-03-28 08:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 20:24 - 2017-03-28 08:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 20:24 - 2017-03-28 08:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 07:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-11 20:24 - 2017-03-28 07:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-11 20:24 - 2017-03-28 07:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-08 19:26 - 2017-04-08 19:26 - 00645990 _____ C:\Users\Golfstar\Documents\Souhlas Mačeta.pdf
2017-04-08 19:25 - 2017-04-08 19:25 - 00672790 _____ C:\Users\Golfstar\Documents\Souhlas Azimut.pdf
2017-04-08 19:18 - 2017-04-08 19:18 - 00580455 _____ C:\Users\Golfstar\Documents\Souhlas Robin.pdf
2017-04-08 19:09 - 2017-04-08 19:09 - 01061427 _____ C:\Users\Golfstar\Downloads\ZkracenyVypis_1585.pdf
2017-04-08 13:25 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace (1).pdf
2017-04-08 13:24 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace.pdf
2017-04-08 13:15 - 2017-04-08 13:15 - 01576714 _____ C:\Users\Golfstar\Downloads\SouhlasyKandidatu_1585.zip
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default\AppData\Local\AMD
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-12 00:08 - 00000000 ____D C:\Users\Golfstar\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-07 07:45 - 00000000 ____D C:\Update
2017-04-07 07:43 - 2017-04-10 20:00 - 00000000 ____D C:\Program Files\MK
2017-04-07 07:43 - 2017-04-07 10:41 - 00000000 ____D C:\Program Files (x86)\{D00F2D36-EBED-4E47-9EBE-596D00DB7668}
2017-04-06 23:37 - 2017-04-06 23:37 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-04-06 23:34 - 2017-04-06 23:35 - 164764280 _____ (Sophos Limited) C:\Users\Golfstar\Downloads\Sophos Virus Removal Tool (1).exe
2017-04-06 23:32 - 2017-04-06 23:32 - 00000000 ____D C:\ProgramData\Sophos
2017-04-06 23:30 - 2017-04-12 19:01 - 01663904 _____ (Malwarebytes) C:\Users\Golfstar\Downloads\JRT.exe
2017-04-06 22:14 - 2017-04-06 22:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-06 22:12 - 2017-04-06 22:22 - 00136962 _____ C:\WINDOWS\ntbtlog.txt
2017-04-04 19:20 - 2017-04-04 19:20 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-04-03 20:45 - 2017-04-03 21:38 - 471699570 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E16.cz.tit..avi
2017-04-01 15:13 - 2017-04-01 15:13 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-29 21:00 - 2017-03-29 21:18 - 334823390 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E15.cz.tit..avi
2017-03-29 19:44 - 2017-03-29 20:04 - 356193958 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E14.cz.tit..avi
2017-03-29 19:13 - 2017-03-29 19:43 - 524679426 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E13.cz.tit..avi
2017-03-28 21:45 - 2017-03-28 22:16 - 527046222 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E12.cz.tit..avi
2017-03-28 21:11 - 2017-03-28 21:35 - 408304714 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E11.cz.tit..avi
2017-03-27 23:03 - 2017-03-27 23:38 - 626845494 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E10.cz.tit..avi
2017-03-27 22:38 - 2017-03-27 22:59 - 314294272 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E09.cz-tit.avi
2017-03-19 18:55 - 2017-03-19 18:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(1).exe
2017-03-17 20:22 - 2017-04-12 19:17 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-17 20:22 - 2017-03-17 20:22 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Program Files (x86)\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-17 20:21 - 2017-03-17 20:21 - 00000000 ____D C:\Program Files (x86)\58CC2944_cacayima

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-16 13:27 - 2014-09-22 13:21 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job
2017-04-16 13:27 - 2014-09-22 13:21 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job
2017-04-16 12:43 - 2015-06-18 06:31 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job
2017-04-16 12:27 - 2016-07-23 10:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-16 12:27 - 2016-04-27 08:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-16 12:26 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-04-16 12:22 - 2016-07-23 10:07 - 02039786 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-16 12:22 - 2016-04-27 08:11 - 00843726 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-16 12:22 - 2016-04-27 08:11 - 00192740 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-16 12:22 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2017-04-16 10:06 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-15 08:41 - 2014-09-02 18:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Skype
2017-04-15 07:51 - 2016-12-15 08:15 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-15 07:51 - 2016-07-30 10:53 - 00002427 _____ C:\Users\Bíba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-15 07:51 - 2016-07-30 10:53 - 00000000 ___RD C:\Users\Bíba\OneDrive
2017-04-14 23:05 - 2016-07-23 13:18 - 00002439 _____ C:\Users\Golfstar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 23:05 - 2016-07-23 13:18 - 00000000 ___RD C:\Users\Golfstar\OneDrive
2017-04-13 23:34 - 2015-02-06 12:11 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2
2017-04-13 23:32 - 2014-08-28 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-13 23:23 - 2016-11-19 00:10 - 00000000 ____D C:\Users\Golfstar\AppData\LocalLow\Mozilla
2017-04-13 23:18 - 2016-07-23 10:28 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 23:18 - 2015-11-10 07:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 23:18 - 2014-12-22 14:16 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-13 14:42 - 2015-06-18 06:31 - 00000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job
2017-04-13 07:08 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-13 07:02 - 2016-11-19 08:43 - 00000000 ____D C:\Users\Bíba\AppData\LocalLow\Mozilla
2017-04-12 19:28 - 2017-03-10 09:32 - 00000000 ____D C:\Users\Golfstar\Downloads\backups
2017-04-12 19:23 - 2017-03-09 23:43 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\Kyubey
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Kyubey
2017-04-12 07:12 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-12 04:26 - 2016-04-27 09:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-12 00:08 - 2014-12-22 14:16 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-11 22:29 - 2014-08-29 00:16 - 00000000 ____D C:\ProgramData\Turbine
2017-04-11 22:29 - 2014-08-29 00:15 - 00000000 ____D C:\ProgramData\HappyCloud
2017-04-11 22:27 - 2014-08-30 23:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-11 22:26 - 2016-09-04 21:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-04-11 22:25 - 2016-07-23 10:28 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 22:25 - 2016-07-23 10:28 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 21:49 - 2016-04-26 23:46 - 04780000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-11 21:41 - 2016-09-09 00:12 - 00000000 ____D C:\Users\Golfstar\AppData\Local\CrashDumps
2017-04-11 21:41 - 2015-01-17 21:25 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-11 21:04 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-11 21:04 - 2014-08-28 00:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 21:04 - 2014-08-28 00:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 19:42 - 2017-02-06 09:57 - 00000000 ____D C:\Users\Bíba\AppData\Local\CrashDumps
2017-04-11 15:02 - 2016-07-23 10:28 - 00004592 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-11 14:02 - 2016-12-23 00:44 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-08 00:40 - 2016-06-05 01:10 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Battle.net
2017-04-07 22:10 - 2016-06-05 01:12 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-04-07 21:50 - 2016-06-05 01:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-05 08:13 - 2016-07-23 10:28 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458712455
2017-04-05 08:13 - 2016-03-23 07:54 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-04 19:20 - 2017-03-09 23:43 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-04-04 19:20 - 2016-03-23 07:53 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-04 11:41 - 2016-11-12 00:54 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-04-01 21:05 - 2015-10-30 09:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 21:05 - 2015-10-30 09:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-01 15:13 - 2016-07-23 10:59 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-31 01:13 - 2016-07-23 10:28 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1423217291
2017-03-31 01:13 - 2015-02-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-31 01:13 - 2015-02-06 12:07 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-28 11:15 - 2016-04-27 08:52 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-23 12:49 - 2016-11-12 08:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Canon
2017-03-19 10:54 - 2016-07-22 21:51 - 00000000 ____D C:\Users\Golfstar\AppData\Roaming\Andy
2017-03-18 23:49 - 2015-03-07 14:20 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2017-03-18 23:48 - 2015-03-07 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2017-03-18 23:46 - 2016-07-23 13:13 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Packages
2017-03-18 23:46 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-18 23:38 - 2015-01-02 12:49 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-03-17 20:22 - 2015-10-29 23:06 - 00000000 ____D C:\ProgramData\Apple
2017-03-17 20:22 - 2014-08-28 21:22 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-17 20:21 - 2017-03-07 13:42 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-17 08:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

==================== Files in the root of some directories =======

2016-09-02 00:12 - 2016-09-02 00:12 - 0001907 _____ () C:\Users\Golfstar\AppData\Local\recently-used.xbel
2016-09-04 22:31 - 2016-09-04 22:31 - 0000017 _____ () C:\Users\Golfstar\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-03-18 23:42 - 2016-07-21 22:32 - 0949784 _____ (BlueStack Systems, Inc.) C:\Users\Golfstar\AppData\Local\Temp\BluestacksUninstaller.exe
2017-04-11 22:29 - 2013-11-12 17:48 - 0692632 _____ (Happy Cloud, Inc.) C:\Users\Golfstar\AppData\Local\Temp\hcuninstaller_20170411_222929_4428.exe
2017-03-18 23:42 - 2016-07-21 22:31 - 0187416 _____ (BlueStack Systems) C:\Users\Golfstar\AppData\Local\Temp\HD-LibraryHandler.dll
2017-03-18 23:42 - 2016-07-21 22:29 - 0246808 _____ (BlueStack Systems) C:\Users\Golfstar\AppData\Local\Temp\HD-Logger-Native.dll
2016-10-28 02:49 - 2016-10-28 02:49 - 0737856 _____ (Oracle Corporation) C:\Users\Golfstar\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-03-12 10:12 - 2017-03-12 10:12 - 0739904 _____ (Oracle Corporation) C:\Users\Golfstar\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-11-12 00:39 - 2015-01-19 19:48 - 1126480 ____N (CANON INC.) C:\Users\Golfstar\AppData\Local\Temp\MSETUP4.EXE
2014-08-28 22:51 - 2014-07-02 19:44 - 1214048 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvSCPAPI.dll
2014-08-28 22:51 - 2014-07-02 19:44 - 1398936 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvSCPAPI64.dll
2016-09-04 22:37 - 2014-07-02 19:44 - 0826712 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvStInst.exe
2017-03-19 10:53 - 2016-07-19 22:14 - 1328792 _____ (Andy OS, inc.) C:\Users\Golfstar\AppData\Local\Temp\RemoveTemp.exe
2017-03-15 21:20 - 2017-03-15 21:20 - 14456872 _____ (Microsoft Corporation) C:\Users\Golfstar\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 08:09

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
ShellExecuteHooks: No Name - {06BF8910-FD96-11E6-8F65-64006A5CFC23} - C:\Program Files (x86)\Votyphalury\Nacerph.dll -> No File
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Edge HomeButtonPage: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> hxxp://www.startpageing123.com/?type=hp ... J10XC18949
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?ty ... 0345503&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-12] <==== ATTENTION
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\WINDOWS\system32\ApnDatabase.xml
C:\Program Files (x86)\58CC2944_cacayima
C:\Users\Golfstar\AppData\Local\Temp

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-04-2017
Ran by Golfstar (16-04-2017 18:18:10) Run:1
Running from C:\Users\Golfstar\Desktop
Loaded Profiles: Golfstar (Available Profiles: Golfstar & Bíba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
ShellExecuteHooks: No Name - {06BF8910-FD96-11E6-8F65-64006A5CFC23} - C:\Program Files (x86)\Votyphalury\Nacerph.dll -> No File
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Edge HomeButtonPage: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> hxxp://www.startpageing123.com/?type=hp ... J10XC18949
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?ty ... 0345503&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-12] <==== ATTENTION
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\WINDOWS\system32\ApnDatabase.xml
C:\Program Files (x86)\58CC2944_cacayima
C:\Users\Golfstar\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{06BF8910-FD96-11E6-8F65-64006A5CFC23} => value removed successfully
HKCR\CLSID\{06BF8910-FD96-11E6-8F65-64006A5CFC23} => key not found.
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => value removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\wpcsvc => key removed successfully
wpcsvc => service removed successfully
C:\WINDOWS\system32\ApnDatabase.xml => moved successfully
C:\Program Files (x86)\58CC2944_cacayima => moved successfully

"C:\Users\Golfstar\AppData\Local\Temp" folder move:

Could not move "C:\Users\Golfstar\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 407048496 B
Java, Flash, Steam htmlcache => 14717 B
Windows/system/drivers => 239717056 B
Edge => 6845726 B
Chrome => 0 B
Firefox => 87957722 B
Opera => 470558122 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 109541376 B
LocalService => 65150 B
NetworkService => 5464 B
Golfstar => 5272689196 B
Bíba => 742330183 B
DefaultAppPool => 0 B

RecycleBin => 853 B
EmptyTemp: => 6.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-04-2017 18:25:56)

C:\Users\Golfstar\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:26:05 ====

Bohužel tu stále něco mám.
Po otevření prohlížeče pro vložení logu se mi hned snažili naběhnout nějaké reklamy a startovací stránka byla zase nějaká luckisite123.com. proto přikládám nový FRXT log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-04-2017
Ran by Golfstar (administrator) on GOLFSTAR1 (16-04-2017 18:32:02)
Running from C:\Users\Golfstar\Desktop
Loaded Profiles: Golfstar (Available Profiles: Golfstar & Bíba)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ====================

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{2a80756e-0938-4e11-99d0-0754bab631cf}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{71c2fb54-53e8-4da4-bf47-85d8ac52238d}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> {4E739F84-3E81-4553-A622-9A839958943C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-12] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756 [2017-04-16]
FF Extension: (Disable Prefetch) - C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\features\{0b819a28-c59a-46e0-8f69-ea58ef041fba}\disable-prefetch@mozilla.org.xpi [2017-04-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Golfstar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-03-28] (BitRaider, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-19] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-03-28] (BitRaider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-05] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-16 18:25 - 2017-04-16 18:25 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-16 18:18 - 2017-04-16 18:26 - 00005681 _____ C:\Users\Golfstar\Desktop\Fixlog.txt
2017-04-16 18:17 - 2017-04-16 18:17 - 00000000 ____D C:\Users\Golfstar\Desktop\FRST-OlderVersion
2017-04-16 15:36 - 2017-04-16 15:36 - 00046990 _____ C:\Users\Golfstar\Downloads\00000000015101238840_255036339_20170331_3_MCZS.pdf
2017-04-15 01:46 - 2017-04-16 18:32 - 00010372 _____ C:\Users\Golfstar\Desktop\FRST.txt
2017-04-15 00:39 - 2017-04-15 00:39 - 00058707 _____ C:\Users\Golfstar\Desktop\FRST3.txt
2017-04-15 00:38 - 2017-04-16 13:28 - 00052712 _____ C:\Users\Golfstar\Desktop\Addition.txt
2017-04-15 00:35 - 2017-04-16 18:32 - 00000000 ____D C:\FRST
2017-04-15 00:29 - 2017-04-16 18:17 - 02424320 _____ (Farbar) C:\Users\Golfstar\Desktop\FRST64.exe
2017-04-15 00:01 - 2017-04-15 00:01 - 00001031 _____ C:\Users\Golfstar\Desktop\RegCleaner.lnk
2017-04-15 00:01 - 2017-04-15 00:01 - 00000000 ____D C:\Program Files (x86)\RegCleaner
2017-04-12 19:11 - 2017-04-16 12:26 - 00000000 ____D C:\AdwCleaner
2017-04-12 19:11 - 2017-04-12 19:11 - 04089296 _____ C:\Users\Golfstar\Desktop\adwcleaner_6.045.exe
2017-04-12 19:03 - 2017-04-15 00:20 - 00000555 _____ C:\Users\Golfstar\Desktop\JRT.txt
2017-04-11 21:43 - 2017-04-11 21:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(2).exe
2017-04-11 21:04 - 2017-04-11 21:04 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-11 20:26 - 2017-03-28 10:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 20:26 - 2017-03-28 10:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 20:26 - 2017-03-28 09:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:26 - 2017-03-28 09:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-11 20:26 - 2017-03-28 09:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-11 20:26 - 2017-03-28 09:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 20:26 - 2017-03-28 09:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 20:26 - 2017-03-28 09:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-11 20:26 - 2017-03-28 08:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 20:26 - 2017-03-28 08:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 20:26 - 2017-03-28 08:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 20:26 - 2017-03-28 08:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 20:26 - 2017-03-28 08:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-11 20:26 - 2017-03-28 07:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 20:26 - 2017-03-28 07:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 20:26 - 2017-03-28 07:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-11 20:26 - 2017-03-28 07:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:26 - 2017-03-28 07:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-11 20:26 - 2017-03-28 07:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 20:26 - 2017-03-28 07:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-11 20:26 - 2017-03-28 07:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-11 20:26 - 2017-03-28 07:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 20:26 - 2017-03-28 07:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 20:26 - 2017-03-28 07:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 20:26 - 2017-03-28 07:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 20:26 - 2017-03-28 06:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-11 20:26 - 2017-03-28 06:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-11 20:26 - 2017-03-28 06:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 20:26 - 2017-03-28 06:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 20:26 - 2017-03-18 18:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 12:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-11 20:25 - 2017-03-28 12:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 20:25 - 2017-03-28 11:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-11 20:25 - 2017-03-28 11:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:25 - 2017-03-28 11:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-11 20:25 - 2017-03-28 11:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 20:25 - 2017-03-28 11:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-11 20:25 - 2017-03-28 10:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 20:25 - 2017-03-28 10:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 20:25 - 2017-03-28 10:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 10:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 20:25 - 2017-03-28 10:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 20:25 - 2017-03-28 10:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 20:25 - 2017-03-28 09:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 09:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 09:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 20:25 - 2017-03-28 09:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 09:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 20:25 - 2017-03-28 09:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-11 20:25 - 2017-03-28 09:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 20:25 - 2017-03-28 09:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 09:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 20:25 - 2017-03-28 09:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 20:25 - 2017-03-28 09:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-11 20:25 - 2017-03-28 09:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 09:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 09:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:25 - 2017-03-28 08:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-11 20:25 - 2017-03-28 08:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 20:25 - 2017-03-28 08:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 20:25 - 2017-03-28 08:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 08:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 08:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 20:25 - 2017-03-28 08:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 08:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-11 20:25 - 2017-03-28 08:42 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2017-04-11 20:25 - 2017-03-28 08:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 20:25 - 2017-03-28 08:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-11 20:25 - 2017-03-28 08:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 08:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 20:25 - 2017-03-28 08:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 20:25 - 2017-03-28 08:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 20:25 - 2017-03-28 08:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-11 20:25 - 2017-03-28 07:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 07:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 07:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 20:25 - 2017-03-28 07:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 07:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 07:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-11 20:25 - 2017-03-28 07:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-11 20:25 - 2017-03-28 07:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 07:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 07:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 20:25 - 2017-03-28 07:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 20:25 - 2017-03-28 07:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 20:25 - 2017-03-28 06:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-11 20:25 - 2017-03-28 06:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 20:25 - 2017-03-28 06:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 20:25 - 2017-03-18 22:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 20:24 - 2017-03-28 12:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 20:24 - 2017-03-28 12:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 20:24 - 2017-03-28 12:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-11 20:24 - 2017-03-28 11:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-11 20:24 - 2017-03-28 11:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 20:24 - 2017-03-28 11:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-11 20:24 - 2017-03-28 11:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-11 20:24 - 2017-03-28 11:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-11 20:24 - 2017-03-28 10:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 20:24 - 2017-03-28 10:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 20:24 - 2017-03-28 10:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 20:24 - 2017-03-28 10:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 20:24 - 2017-03-28 10:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-11 20:24 - 2017-03-28 09:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-11 20:24 - 2017-03-28 09:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 20:24 - 2017-03-28 09:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 20:24 - 2017-03-28 09:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 20:24 - 2017-03-28 09:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 09:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-11 20:24 - 2017-03-28 09:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 20:24 - 2017-03-28 09:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-11 20:24 - 2017-03-28 09:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 20:24 - 2017-03-28 09:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 20:24 - 2017-03-28 09:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 20:24 - 2017-03-28 09:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 20:24 - 2017-03-28 08:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-11 20:24 - 2017-03-28 08:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-11 20:24 - 2017-03-28 08:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 20:24 - 2017-03-28 08:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-11 20:24 - 2017-03-28 08:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 20:24 - 2017-03-28 08:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 20:24 - 2017-03-28 08:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 07:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-11 20:24 - 2017-03-28 07:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-11 20:24 - 2017-03-28 07:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-08 19:26 - 2017-04-08 19:26 - 00645990 _____ C:\Users\Golfstar\Documents\Souhlas Mačeta.pdf
2017-04-08 19:25 - 2017-04-08 19:25 - 00672790 _____ C:\Users\Golfstar\Documents\Souhlas Azimut.pdf
2017-04-08 19:18 - 2017-04-08 19:18 - 00580455 _____ C:\Users\Golfstar\Documents\Souhlas Robin.pdf
2017-04-08 19:09 - 2017-04-08 19:09 - 01061427 _____ C:\Users\Golfstar\Downloads\ZkracenyVypis_1585.pdf
2017-04-08 13:25 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace (1).pdf
2017-04-08 13:24 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace.pdf
2017-04-08 13:15 - 2017-04-08 13:15 - 01576714 _____ C:\Users\Golfstar\Downloads\SouhlasyKandidatu_1585.zip
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default\AppData\Local\AMD
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-12 00:08 - 00000000 ____D C:\Users\Golfstar\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-07 07:45 - 00000000 ____D C:\Update
2017-04-07 07:43 - 2017-04-10 20:00 - 00000000 ____D C:\Program Files\MK
2017-04-07 07:43 - 2017-04-07 10:41 - 00000000 ____D C:\Program Files (x86)\{D00F2D36-EBED-4E47-9EBE-596D00DB7668}
2017-04-06 23:37 - 2017-04-06 23:37 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-04-06 23:34 - 2017-04-06 23:35 - 164764280 _____ (Sophos Limited) C:\Users\Golfstar\Downloads\Sophos Virus Removal Tool (1).exe
2017-04-06 23:32 - 2017-04-06 23:32 - 00000000 ____D C:\ProgramData\Sophos
2017-04-06 23:30 - 2017-04-12 19:01 - 01663904 _____ (Malwarebytes) C:\Users\Golfstar\Downloads\JRT.exe
2017-04-06 22:14 - 2017-04-06 22:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-06 22:12 - 2017-04-06 22:22 - 00136962 _____ C:\WINDOWS\ntbtlog.txt
2017-04-04 19:20 - 2017-04-04 19:20 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-04-03 20:45 - 2017-04-03 21:38 - 471699570 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E16.cz.tit..avi
2017-04-01 15:13 - 2017-04-01 15:13 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-29 21:00 - 2017-03-29 21:18 - 334823390 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E15.cz.tit..avi
2017-03-29 19:44 - 2017-03-29 20:04 - 356193958 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E14.cz.tit..avi
2017-03-29 19:13 - 2017-03-29 19:43 - 524679426 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E13.cz.tit..avi
2017-03-28 21:45 - 2017-03-28 22:16 - 527046222 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E12.cz.tit..avi
2017-03-28 21:11 - 2017-03-28 21:35 - 408304714 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E11.cz.tit..avi
2017-03-27 23:03 - 2017-03-27 23:38 - 626845494 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E10.cz.tit..avi
2017-03-27 22:38 - 2017-03-27 22:59 - 314294272 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E09.cz-tit.avi
2017-03-19 18:55 - 2017-03-19 18:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(1).exe
2017-03-17 20:22 - 2017-04-12 19:17 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-17 20:22 - 2017-03-17 20:22 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Program Files (x86)\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\3

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-16 18:28 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-16 18:25 - 2016-07-23 13:13 - 00000008 __RSH C:\Users\Golfstar\ntuser.pol
2017-04-16 18:25 - 2016-07-23 10:08 - 00000000 ____D C:\Users\Golfstar
2017-04-16 18:24 - 2016-07-23 10:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-16 18:24 - 2016-04-27 08:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-16 18:24 - 2015-06-18 06:31 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job
2017-04-16 18:24 - 2015-06-18 06:31 - 00000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job
2017-04-16 18:23 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-04-16 18:20 - 2016-11-22 00:02 - 00000000 ____D C:\Users\Golfstar\AppData\LocalLow\Temp
2017-04-16 18:18 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-16 16:27 - 2014-09-22 13:21 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job
2017-04-16 15:36 - 2016-11-12 00:54 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-04-16 13:40 - 2014-11-29 23:30 - 00000000 ____D C:\Users\Golfstar\Documents\Skaut
2017-04-16 13:27 - 2014-09-22 13:21 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job
2017-04-16 12:22 - 2016-07-23 10:07 - 02039786 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-16 12:22 - 2016-04-27 08:11 - 00843726 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-16 12:22 - 2016-04-27 08:11 - 00192740 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-16 12:22 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2017-04-15 08:41 - 2014-09-02 18:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Skype
2017-04-15 07:51 - 2016-12-15 08:15 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-15 07:51 - 2016-07-30 10:53 - 00002427 _____ C:\Users\Bíba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-15 07:51 - 2016-07-30 10:53 - 00000000 ___RD C:\Users\Bíba\OneDrive
2017-04-14 23:05 - 2016-07-23 13:18 - 00002439 _____ C:\Users\Golfstar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 23:05 - 2016-07-23 13:18 - 00000000 ___RD C:\Users\Golfstar\OneDrive
2017-04-13 23:34 - 2015-02-06 12:11 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2
2017-04-13 23:32 - 2014-08-28 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-13 23:23 - 2016-11-19 00:10 - 00000000 ____D C:\Users\Golfstar\AppData\LocalLow\Mozilla
2017-04-13 23:18 - 2016-07-23 10:28 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 23:18 - 2015-11-10 07:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 23:18 - 2014-12-22 14:16 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-13 07:08 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-13 07:02 - 2016-11-19 08:43 - 00000000 ____D C:\Users\Bíba\AppData\LocalLow\Mozilla
2017-04-12 19:28 - 2017-03-10 09:32 - 00000000 ____D C:\Users\Golfstar\Downloads\backups
2017-04-12 19:23 - 2017-03-09 23:43 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\Kyubey
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Kyubey
2017-04-12 07:12 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-12 04:26 - 2016-04-27 09:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-12 00:08 - 2014-12-22 14:16 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-11 22:29 - 2014-08-29 00:16 - 00000000 ____D C:\ProgramData\Turbine
2017-04-11 22:29 - 2014-08-29 00:15 - 00000000 ____D C:\ProgramData\HappyCloud
2017-04-11 22:27 - 2014-08-30 23:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-11 22:26 - 2016-09-04 21:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-04-11 22:25 - 2016-07-23 10:28 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 22:25 - 2016-07-23 10:28 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 21:49 - 2016-04-26 23:46 - 04780000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-11 21:41 - 2016-09-09 00:12 - 00000000 ____D C:\Users\Golfstar\AppData\Local\CrashDumps
2017-04-11 21:41 - 2015-01-17 21:25 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-11 21:04 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-11 21:04 - 2014-08-28 00:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 21:04 - 2014-08-28 00:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 19:42 - 2017-02-06 09:57 - 00000000 ____D C:\Users\Bíba\AppData\Local\CrashDumps
2017-04-11 15:02 - 2016-07-23 10:28 - 00004592 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-11 14:02 - 2016-12-23 00:44 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-08 00:40 - 2016-06-05 01:10 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Battle.net
2017-04-07 22:10 - 2016-06-05 01:12 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-04-07 21:50 - 2016-06-05 01:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-05 08:13 - 2016-07-23 10:28 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458712455
2017-04-05 08:13 - 2016-03-23 07:54 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-04 19:20 - 2017-03-09 23:43 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-04-04 19:20 - 2016-03-23 07:53 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-01 21:05 - 2015-10-30 09:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 21:05 - 2015-10-30 09:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-01 15:13 - 2016-07-23 10:59 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-31 01:13 - 2016-07-23 10:28 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1423217291
2017-03-31 01:13 - 2015-02-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-31 01:13 - 2015-02-06 12:07 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-28 11:15 - 2016-04-27 08:52 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-23 12:49 - 2016-11-12 08:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Canon
2017-03-19 10:54 - 2016-07-22 21:51 - 00000000 ____D C:\Users\Golfstar\AppData\Roaming\Andy
2017-03-18 23:49 - 2015-03-07 14:20 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2017-03-18 23:48 - 2015-03-07 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2017-03-18 23:46 - 2016-07-23 13:13 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Packages
2017-03-18 23:46 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-18 23:38 - 2015-01-02 12:49 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-03-17 20:22 - 2015-10-29 23:06 - 00000000 ____D C:\ProgramData\Apple
2017-03-17 20:22 - 2014-08-28 21:22 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-17 20:21 - 2017-03-07 13:42 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-17 08:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

==================== Files in the root of some directories =======

2016-09-02 00:12 - 2016-09-02 00:12 - 0001907 _____ () C:\Users\Golfstar\AppData\Local\recently-used.xbel
2016-09-04 22:31 - 2016-09-04 22:31 - 0000017 _____ () C:\Users\Golfstar\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 08:09

==================== End of FRST.txt ============================

Udělejte ještě tyto skeny:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Golfstar on ne 16.04.2017 at 21:59:09,79.
Microsoft Windows 10 Pro 10.0.10586 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Golfstar\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16.4.2017 22:02:53 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\{D00F2D36-EBED-4E47-9EBE-596D00DB7668} deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\Turbine deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Golfstar\AppData\Local\ActiveSync deleted successfully
C:\Users\Golfstar\AppData\Local\AMD deleted successfully
C:\Users\Golfstar\AppData\Local\EmieSiteList deleted successfully
C:\Users\Golfstar\AppData\Local\EmieUserList deleted successfully
C:\Users\Golfstar\AppData\Local\PDFCreator deleted successfully
C:\Users\Golfstar\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Golfstar\AppData\Local\Skype deleted successfully
C:\Users\BBA~1\AppData\Local\ActiveSync deleted successfully
C:\Users\BBA~1\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\BBA~1\AppData\Local\EmieSiteList deleted successfully
C:\Users\BBA~1\AppData\Local\EmieUserList deleted successfully
C:\Users\BBA~1\AppData\Local\PDFCreator deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/?bcutc=sp-006");
user_pref("browser.search.defaulturl", "https://www.google.com/search?bcutc=sp-006");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "https://www.google.com/search?bcutc=sp-006");

Added to C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Golfstar\AppData\Roaming\Profiles\Wijush.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.youndoo.com/?z=28c047374919b ... 03&type=hp");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.newtab.url", "http://www.youndoo.com/?z=28c047374919b ... 03&type=hp");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "youndoo");
user_pref("browser.search.selectedEngine", "youndoo");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");

Added to C:\Users\Golfstar\AppData\Roaming\Profiles\Wijush.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\prefs.js:

Added to C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_16.04.2017_2317_.backup

ProfilePath: C:\Users\Golfstar\AppData\Roaming\Profiles\Wijush.default

user.js not found
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_16.04.2017_2317_.backup

ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_16.04.2017_2317_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SafeZoneStable\shell\open\command]
@="C:\\Program Files\\AVAST Software\\SZBrowser\\Launcher.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\{D00F2D36-EBED-4E47-9EBE-596D00DB7668} not found
C:\Users\Golfstar\.android deleted
C:\Users\BBA~1\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Golfstar\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-1702488835-1983202832-4074137989-1001 deleted
C:\Users\Golfstar\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Golfstar\AppData\Roaming\Profiles\Wijush.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF48" [04.04.2017 19:20]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF48" [04.04.2017 19:20]

==== Firefox Extensions ======================

ProfilePath: C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756
5971E6AA5ED20C181395D8E91AFC49A4 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll - Shockwave Flash
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

Chrome Media Router - Golfstar\AppData\Local\Ballduck\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Avast SafePrice - BBA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - BBA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Media Router - BBA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{4E739F84-3E81-4553-A622-9A839958943C} Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Preferences was reset successfully
C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Secure Preferences was reset successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Web Data was reset successfully
C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Web Data-journal was reset successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Golfstar\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Golfstar\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\BBA~1\AppData\Local\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Golfstar\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\BBA~1\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Cache emptied successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=879 folders=355 741234517 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Golfstar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 16.04.2017 at 23:48:36,48 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by Golfstar (Administrator) on ne 16.04.2017 at 23:53:00,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 16.04.2017 at 23:55:07,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK. Změnilo se něco nyní?

Bohužel je to stále stejné - po otevření prohlížeče najede stránka luckysite123.com (či jak to bylo) a po kliknutí na jakýkoliv odkaz i zde na foru okamžitě naskočí nové okno s reklamou