prosím o kontrolu

[darkane]

Prosím o preventivní kontrolu. Na NB nic zvláštího nepozoruji, jen včera Windows Defender zahlásil malware.
Děkuji

Logfile of random's system information tool 1.14 (written by random/random)
Run by darkane at 2017-01-27 13:34:02
Microsoft Windows 10 Home
System drive C: has 342 GB (70%) free of 486 GB
Total RAM: 2961 MB (52% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:34:10, on 27.01.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\trend micro\darkane_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\darkane\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\darkane\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\darkane\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
O4 - HKLM\..\Policies\Explorer\Run: [Adobe Flash Player] C:\ProgramData\Adobe\adobe_flash_player.exe /00000052
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11120 bytes

======Enumerating Processes======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6e105a06-65a3-4b9e-81e5-a1eda7277105 -SystemEventPortName:HostProcess-9073eb34-8611-4aa1-9726-eafac69573fc -IoCancelEventPortName:HostProcess-c9eb2048-2576-44ef-ac37-95484a566490 -NonStateChangingEventPortName:HostProcess-42d730b1-9296-492d-9c8b-4fe522aa6075 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d8da6a51-0d8a-4682-af64-8f18ae9e8793 -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6547cf7f-ae40-48a2-a92d-eedd9c6a2bcd -SystemEventPortName:HostProcess-427ba4e0-35c9-4aab-9804-37848dbd7768 -IoCancelEventPortName:HostProcess-8ad5a758-27b3-4f11-8afb-54214181c153 -NonStateChangingEventPortName:HostProcess-294ef0e7-0443-497f-90ce-6deeb84d8ee8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7b9e55ff-6dab-4d20-b90d-54933ce46e10 -DeviceGroupId:WpdFsGroup
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files\Elantech\ETDService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\System Control Manager\MSIService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\sihost.exe
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -c
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
"C:\Program Files\Elantech\ETDCtrl.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\ProgramData\Adobe\adobe_flash_player.exe" /00000052
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\System32\fontdrvhost.exe
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
C:\Windows\System32\smartscreen.exe -Embedding
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe96_ Global\UsGthrCtrlFltPipeMssGthrPipe96 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\WINDOWS\system32\AUDIODG.EXE 0x60c
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 640 644 652 8192 648
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
"C:\Users\darkane\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AutoKMS - C:\WINDOWS\AutoKMS\AutoKMS.exe
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
C:\WINDOWS\system32\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
C:\WINDOWS\system32\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
C:\WINDOWS\system32\tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
C:\WINDOWS\system32\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{505078B4-899D-4F28-BC03-C7C73D6D64A6} - C:\Windows\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{014E0C7E-EFDF-41F2-B432-AE66CC42E41E} - "c:\windows\system32\launchwinapp.exe" http://ui.skype.com/ui/0/7.18.0.112/cs/ ... age=tsMain
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - C:\Windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.111.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\addons.json
Youtube Mp3 Downloader - extension - 6asa42dfa4784fsf368g@youtubeconverter.me
Download YouTube Videos as MP4 - extension - {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}

C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\extensions.json
Youtube Mp3 Downloader - extension - 6asa42dfa4784fsf368g@youtubeconverter.me - C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\extensions\6asa42dfa4784fsf368g@youtubeconverter.me.xpi
Download YouTube Videos as MP4 - extension - {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
Adobe Acrobat DC - Create PDF - extension - web2pdfextension.15@web2pdf.adobedotcom - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
MEGA - extension - firefox@mega.co.nz - C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\extensions\firefox@mega.co.nz.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\pluginreg.dat
Plugin - AdobeAAMDetect - 1.0.0.0 - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
Plugin - Adobe Acrobat - 15.23.20053.15062 - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll
Plugin - Photo Gallery - 16.4.3528.331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
Plugin - Java(TM) Platform SE 8 U111 - 11.111.2.14 - C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.1110.14 - 11.111.2.14 - C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
Plugin - Shockwave Flash - 24.0.0.194 - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
Plugin - Unity Player - 2.6.1.31223 - C:\Users\darkane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Plugin - Roblox Launcher Plugin - 1.2.8.25 - C:\Users\darkane\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\NPRobloxProxy.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-05 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-05 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23 141496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2016-11-15 3366616]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01 508128]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-09-29 631808]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2017-01-20 1872320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Adobe Flash Player"=C:\ProgramData\Adobe\adobe_flash_player.exe [2015-08-03 112640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\darkane\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-09-29 554184]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-11-15 27230168]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-21 9292504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\darkane\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"=C:\WINDOWS\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"MGSysCtrl"=C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2009-11-06 2244608]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [2016-12-23 1870928]
""= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Adobe Flash Player"=C:\ProgramData\Adobe\adobe_flash_player.exe [2015-08-03 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-27 13:34:03 ----D---- C:\Program Files\trend micro
2017-01-27 13:34:02 ----D---- C:\rsit
2017-01-25 12:00:50 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2017-01-25 12:00:50 ----A---- C:\WINDOWS\system32\poqexec.exe
2017-01-25 09:11:54 ----D---- C:\Program Files (x86)\ASIOProxy
2017-01-24 12:49:49 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo.exe
2017-01-24 12:49:49 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1.dll
2017-01-24 12:49:49 ----A---- C:\WINDOWS\system32\vulkaninfo.exe
2017-01-24 12:49:49 ----A---- C:\WINDOWS\system32\vulkan-1.dll
2017-01-24 12:49:48 ----D---- C:\Program Files (x86)\VulkanRT
2017-01-24 11:38:11 ----A---- C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-24 11:38:09 ----A---- C:\WINDOWS\system32\nvspbridge64.dll
2017-01-24 11:38:08 ----A---- C:\WINDOWS\system32\nvspcap64.dll
2017-01-24 11:38:06 ----A---- C:\WINDOWS\SYSWOW64\nvspbridge.dll
2017-01-24 11:38:04 ----A---- C:\WINDOWS\SYSWOW64\nvspcap.dll
2017-01-24 11:36:52 ----A---- C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-24 11:36:52 ----A---- C:\WINDOWS\NvContainerRecovery.bat
2017-01-24 11:35:55 ----A---- C:\WINDOWS\system32\drivers\SET2FCA.tmp
2017-01-24 11:35:55 ----A---- C:\WINDOWS\system32\drivers\nvvhci.sys
2017-01-24 11:35:52 ----A---- C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-24 11:35:52 ----A---- C:\WINDOWS\system32\drivers\nvvad64v.sys
2017-01-24 11:35:51 ----A---- C:\WINDOWS\SYSWOW64\nvaudcap32v.dll
2017-01-19 15:35:25 ----D---- C:\Portables
2017-01-14 12:30:14 ----A---- C:\Users\darkane\AppData\Roaming\svshosts.exe
2017-01-14 12:30:04 ----SHD---- C:\ProgramData\Recycler
2017-01-14 10:49:02 ----D---- C:\Users\darkane\AppData\Roaming\dvdcss
2017-01-11 17:14:51 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:14:50 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:14:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2017-01-11 17:14:48 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:14:48 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:14:48 ----A---- C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:14:47 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2017-01-11 17:14:47 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2017-01-11 17:14:47 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2017-01-11 17:14:47 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:14:47 ----A---- C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:14:46 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:14:46 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:14:45 ----A---- C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:14:45 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:14:45 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:14:45 ----A---- C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:14:43 ----A---- C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:14:43 ----A---- C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:14:40 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2017-01-11 17:14:40 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2017-01-11 17:14:40 ----A---- C:\WINDOWS\system32\shell32.dll
2017-01-11 17:14:39 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-01-11 17:14:38 ----A---- C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:14:38 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2017-01-11 17:14:37 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\SYSWOW64\cryptui.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\system32\wow64.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\system32\certprop.dll
2017-01-11 17:14:35 ----A---- C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:14:34 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:14:34 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2017-01-11 17:14:34 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2017-01-11 17:14:34 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2017-01-11 17:14:33 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-01-11 17:14:33 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2017-01-11 17:14:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2017-01-11 17:14:31 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-01-11 17:14:31 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:14:30 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-01-11 17:14:30 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:14:29 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2017-01-11 17:14:29 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:14:28 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2017-01-11 17:14:28 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:14:28 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:14:27 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2017-01-11 17:14:27 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:14:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:14:26 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:14:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:14:26 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:14:25 ----A---- C:\WINDOWS\system32\winmde.dll
2017-01-11 17:14:25 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:14:25 ----A---- C:\WINDOWS\system32\twinui.dll
2017-01-11 17:14:25 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:14:24 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:14:21 ----A---- C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:14:18 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:14:18 ----A---- C:\WINDOWS\system32\usocore.dll
2017-01-11 17:14:17 ----A---- C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:14:17 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:14:17 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:14:16 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2017-01-11 17:14:16 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2017-01-11 17:14:16 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2017-01-11 17:14:16 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:14:16 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:14:15 ----A---- C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\SYSWOW64\SyncSettings.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\SYSWOW64\CloudBackupSettings.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:14:13 ----A---- C:\WINDOWS\system32\win32k.sys
2017-01-11 17:14:12 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2017-01-11 17:14:12 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:14:12 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:14:12 ----A---- C:\WINDOWS\system32\SRH.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\audiosrv.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\aclui.dll
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:14:09 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2017-01-11 17:14:09 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2017-01-11 17:14:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:14:08 ----A---- C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:14:08 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:14:08 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2017-01-11 17:14:07 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2017-01-11 17:14:07 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\SYSWOW64\mfnetcore.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:14:04 ----A---- C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:14:04 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:14:04 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2017-01-11 17:13:58 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:13:57 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:13:56 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-01-11 17:13:55 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2017-01-11 17:13:55 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2017-01-11 17:13:54 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2017-01-11 17:13:54 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2017-01-11 17:13:54 ----A---- C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:13:52 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2017-01-11 17:13:52 ----A---- C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:13:52 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:13:51 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2017-01-11 17:13:51 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-01-11 17:13:51 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:13:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:13:50 ----A---- C:\WINDOWS\system32\provengine.dll
2017-01-11 17:13:48 ----A---- C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:13:48 ----A---- C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:13:47 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2017-01-11 17:13:47 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\SYSWOW64\NlsLexicons0009.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\SYSWOW64\NlsData0009.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\system32\prm0009.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\system32\NlsLexicons0009.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\system32\NlsData0009.dll

======List of files/folders modified in the last 1 month======

2017-01-27 13:34:10 ----D---- C:\WINDOWS\Prefetch
2017-01-27 13:34:03 ----RD---- C:\Program Files
2017-01-27 13:33:53 ----D---- C:\Users\darkane\AppData\Roaming\Skype
2017-01-27 13:33:40 ----D---- C:\WINDOWS\Temp
2017-01-27 13:28:05 ----D---- C:\WINDOWS\system32\sru
2017-01-27 13:27:42 ----D---- C:\WINDOWS\INF
2017-01-27 13:27:42 ----D---- C:\WINDOWS\debug
2017-01-27 13:27:42 ----D---- C:\Windows
2017-01-27 13:18:37 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 13:18:36 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-01-27 13:16:14 ----RD---- C:\WINDOWS\Microsoft.NET
2017-01-27 13:15:18 ----D---- C:\WINDOWS\system32\SleepStudy
2017-01-27 12:30:36 ----HD---- C:\Program Files\WindowsApps
2017-01-27 12:30:32 ----D---- C:\WINDOWS\AppReadiness
2017-01-27 12:28:59 ----D---- C:\ProgramData\NVIDIA
2017-01-26 17:22:39 ----D---- C:\Users\darkane\AppData\Roaming\Mp3tag
2017-01-26 14:06:20 ----D---- C:\Users\darkane\AppData\Roaming\vlc
2017-01-26 11:19:00 ----SHD---- C:\System Volume Information
2017-01-26 11:04:42 ----D---- C:\WINDOWS\system32\config
2017-01-25 12:57:12 ----D---- C:\WINDOWS\CbsTemp
2017-01-25 12:57:04 ----D---- C:\WINDOWS\SysWOW64
2017-01-25 12:57:04 ----D---- C:\WINDOWS\System32
2017-01-25 12:56:59 ----D---- C:\WINDOWS\WinSxS
2017-01-25 11:54:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-25 11:52:01 ----D---- C:\ProgramData\NVIDIA Corporation
2017-01-25 11:51:37 ----D---- C:\WINDOWS\system32\Tasks
2017-01-25 11:51:18 ----D---- C:\WINDOWS\system32\DriverStore
2017-01-25 11:51:18 ----D---- C:\WINDOWS\system32\drivers
2017-01-25 11:51:18 ----D---- C:\WINDOWS\system32\CatRoot
2017-01-25 11:51:16 ----D---- C:\WINDOWS\system32\catroot2
2017-01-25 11:50:28 ----D---- C:\Program Files\NVIDIA Corporation
2017-01-25 11:50:25 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-01-25 09:11:54 ----RD---- C:\Program Files (x86)
2017-01-25 07:32:30 ----D---- C:\WINDOWS\LiveKernelReports
2017-01-23 07:55:44 ----D---- C:\WINDOWS\system32\Macromed
2017-01-23 07:55:41 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-01-20 10:47:59 ----SHDC---- C:\WINDOWS\Installer
2017-01-14 16:59:42 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2017-01-14 15:00:37 ----RSD---- C:\WINDOWS\Fonts
2017-01-14 14:59:48 ----AD---- C:\Program Files (x86)\Adobe
2017-01-14 14:52:56 ----D---- C:\WINDOWS\system32\drivers\etc
2017-01-14 12:30:04 ----HD---- C:\ProgramData
2017-01-13 17:54:59 ----D---- C:\Users\darkane\AppData\Roaming\Adobe
2017-01-12 10:05:20 ----D---- C:\WINDOWS\rescache
2017-01-11 19:02:11 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 19:02:10 ----D---- C:\WINDOWS\system32\wbem
2017-01-11 19:02:10 ----D---- C:\WINDOWS\system32\oobe
2017-01-11 19:02:09 ----D---- C:\WINDOWS\ShellExperiences
2017-01-11 19:02:08 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2017-01-11 19:02:08 ----D---- C:\WINDOWS\Provisioning
2017-01-11 19:02:08 ----D---- C:\Program Files\Internet Explorer
2017-01-11 19:02:08 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-11 18:48:21 ----D---- C:\WINDOWS\system32\MRT
2017-01-11 18:44:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-01-07 19:43:50 ----D---- C:\Users\darkane\AppData\Roaming\.minecraft
2017-01-07 16:41:20 ----D---- C:\WINDOWS\OCR
2017-01-07 11:58:04 ----D---- C:\WINDOWS\SoftwareDistribution
2017-01-06 09:11:31 ----D---- C:\Users\darkane\AppData\Roaming\AIMP

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R0 nvpciflt;nvpciflt; C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [2016-12-09 48696]
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-09-29 84992]
R3 ETD;@oem12.inf,%PS2DeviceDesc%;ELAN Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2016-11-15 588880]
R3 ETDSMBus;ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [2016-11-15 31816]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 18224]
R3 ibtfltcoex;@oem17.inf,%PROVIDER_NAME%;Intel Corporation; C:\WINDOWS\system32\DRIVERS\ibtfltcoex.sys [2015-07-01 79632]
R3 iwdbus;@oem14.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-01 38896]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\WINDOWS\System32\drivers\NETwew01.sys [2016-07-16 3343872]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmi.inf_amd64_ae396a6228d16bb2\nvlddmkm.sys [2016-12-09 14190528]
R3 nvvad_WaveExtensible;@oem1.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2017-01-06 47672]
R3 nvvhci;@oem24.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\WINDOWS\System32\drivers\nvvhci.sys [2017-01-20 57792]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2016-09-15 168448]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-09-29 114176]
S3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth handsfree; C:\WINDOWS\system32\DRIVERS\BthHfAud.sys [2016-07-16 37376]
S3 BthLEEnum;@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2016-09-15 249856]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2016-10-05 128512]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 dg_ssudbus;@oem4.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-09-29 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-12-01 50160]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-09-23 192216]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-01-20 27584]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-07-16 183808]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 ssudmdm;@oem10.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
S3 ssudserd;@oem16.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudserd.sys [2016-09-05 165504]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-09-26 2207960]
R2 CDPUserSvc_5548ff5;CDPUserSvc_5548ff5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2016-11-15 144088]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-05-03 337888]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20 462784]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-02 458176]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-01-20 425408]
R2 OneSyncSvc_5548ff5;Hostitel synchronizace_5548ff5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\TimeBrokerServer.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\hvhostsvc.dll
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 MessagingService_5548ff5;Služba zasílání zpráv_5548ff5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-27 172488]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20 462784]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PimIndexMaintenanceSvc_5548ff5;Data kontaktů_5548ff5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

[Roli]

Zdravím, s tím nelegálním produktem od Microsoftu uděláme co ?

[darkane]

Zdravím. S kterým produktem Microsoftu? Asi odinstalovat?

[Roli]

Zdravím. S kterým produktem Microsoftu? Asi odinstalovat?

Nepoznám jestli jsou to Office nebo systém, ale v každém případě odinstalovat poté poprosím o aktuální log z Rsit.

[darkane]

nový log z Rsit
Logfile of random's system information tool 1.14 (written by random/random)
Run by darkane at 2017-01-30 19:07:35
Microsoft Windows 10 Home
System drive C: has 350 GB (72%) free of 486 GB
Total RAM: 2961 MB (50% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:07:42, on 30.01.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\trend micro\darkane_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\darkane\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\darkane\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\darkane\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
O4 - HKLM\..\Policies\Explorer\Run: [Adobe Flash Player] C:\ProgramData\Adobe\adobe_flash_player.exe /00000052
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10131 bytes

======Enumerating Processes======

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ffa82c2b-5edd-495e-9ca9-cf103bdfa13b -SystemEventPortName:HostProcess-89be7eea-be53-48c8-b88f-afb4b5d4e71d -IoCancelEventPortName:HostProcess-830f5f83-2424-464d-826c-585e8eb0094e -NonStateChangingEventPortName:HostProcess-6089bb76-3f16-4c00-ad7a-5f80917bc4f7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d68b6060-310b-471b-bc92-0915c4d34b6a -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b8659dbc-5705-4bdd-837e-950a6f419b4e -SystemEventPortName:HostProcess-96d46538-af51-40c1-882c-2b88a4804925 -IoCancelEventPortName:HostProcess-227587f0-ecd3-4452-b154-576a0e7f8ddb -NonStateChangingEventPortName:HostProcess-24fdedf9-14bf-44ae-a7b1-f8ee4fb7e378 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4813a173-eaef-4b6d-9ea3-1f3e90f108dc -DeviceGroupId:WpdFsGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
"C:\Program Files\Elantech\ETDService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
"C:\Program Files (x86)\System Control Manager\MSIService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Elantech\ETDCtrl.exe"
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -c
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 648 652 660 8192 656
C:\Windows\System32\smartscreen.exe -Embedding
"C:\ProgramData\Adobe\adobe_flash_player.exe" /00000052
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe"
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\AUDIODG.EXE 0x2cc
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7608.23501.0_x64__8wekyb3d8bbwe\HubTaskHost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.AppXczch7hf9576qpxqh411t8e5g6baj2p43.mca
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Users\darkane\Desktop\RSITx64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe"
"C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\WINDOWS\system32\conhost.exe 0x4

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AutoKMS - C:\WINDOWS\AutoKMS\AutoKMS.exe
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
C:\WINDOWS\system32\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
C:\WINDOWS\system32\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
C:\WINDOWS\system32\tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
C:\WINDOWS\system32\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{505078B4-899D-4F28-BC03-C7C73D6D64A6} - C:\Windows\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{014E0C7E-EFDF-41F2-B432-AE66CC42E41E} - "c:\windows\system32\launchwinapp.exe" http://ui.skype.com/ui/0/7.18.0.112/cs/ ... age=tsMain
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - C:\Windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.111.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\addons.json
Youtube Mp3 Downloader - extension - 6asa42dfa4784fsf368g@youtubeconverter.me
Download YouTube Videos as MP4 - extension - {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}

C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\extensions.json
Youtube Mp3 Downloader - extension - 6asa42dfa4784fsf368g@youtubeconverter.me - C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\extensions\6asa42dfa4784fsf368g@youtubeconverter.me.xpi
Download YouTube Videos as MP4 - extension - {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
Adobe Acrobat DC - Create PDF - extension - web2pdfextension.15@web2pdf.adobedotcom - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
MEGA - extension - firefox@mega.co.nz - C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\extensions\firefox@mega.co.nz.xpi

C:\Users\darkane\AppData\Roaming\Mozilla\Firefox\Profiles\6kn16a85.default\pluginreg.dat
Plugin - AdobeAAMDetect - 1.0.0.0 - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
Plugin - Adobe Acrobat - 15.23.20053.15062 - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll
Plugin - Photo Gallery - 16.4.3528.331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
Plugin - Java(TM) Platform SE 8 U111 - 11.111.2.14 - C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.1110.14 - 11.111.2.14 - C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
Plugin - Shockwave Flash - 24.0.0.194 - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
Plugin - Unity Player - 2.6.1.31223 - C:\Users\darkane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Plugin - Roblox Launcher Plugin - 1.2.8.25 - C:\Users\darkane\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\NPRobloxProxy.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-05 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-05 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23 141496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2016-11-15 3366616]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01 508128]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-09-29 631808]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2017-01-20 1872320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Adobe Flash Player"=C:\ProgramData\Adobe\adobe_flash_player.exe [2015-08-03 112640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\darkane\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-09-29 554184]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20 27262432]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-21 9292504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\darkane\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"=C:\WINDOWS\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"MGSysCtrl"=C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2009-11-06 2244608]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [2016-12-23 1870928]
""= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Adobe Flash Player"=C:\ProgramData\Adobe\adobe_flash_player.exe [2015-08-03 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-30 19:00:03 ----SHD---- C:\Config.Msi
2017-01-27 13:34:03 ----D---- C:\Program Files\trend micro
2017-01-27 13:34:02 ----D---- C:\rsit
2017-01-25 12:00:50 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2017-01-25 12:00:50 ----A---- C:\WINDOWS\system32\poqexec.exe
2017-01-25 09:11:54 ----D---- C:\Program Files (x86)\ASIOProxy
2017-01-24 12:49:49 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo.exe
2017-01-24 12:49:49 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1.dll
2017-01-24 12:49:49 ----A---- C:\WINDOWS\system32\vulkaninfo.exe
2017-01-24 12:49:49 ----A---- C:\WINDOWS\system32\vulkan-1.dll
2017-01-24 12:49:48 ----D---- C:\Program Files (x86)\VulkanRT
2017-01-24 11:38:11 ----A---- C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-24 11:38:09 ----A---- C:\WINDOWS\system32\nvspbridge64.dll
2017-01-24 11:38:08 ----A---- C:\WINDOWS\system32\nvspcap64.dll
2017-01-24 11:38:06 ----A---- C:\WINDOWS\SYSWOW64\nvspbridge.dll
2017-01-24 11:38:04 ----A---- C:\WINDOWS\SYSWOW64\nvspcap.dll
2017-01-24 11:36:52 ----A---- C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-24 11:36:52 ----A---- C:\WINDOWS\NvContainerRecovery.bat
2017-01-24 11:35:55 ----A---- C:\WINDOWS\system32\drivers\nvvhci.sys
2017-01-24 11:35:52 ----A---- C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-24 11:35:52 ----A---- C:\WINDOWS\system32\drivers\nvvad64v.sys
2017-01-24 11:35:51 ----A---- C:\WINDOWS\SYSWOW64\nvaudcap32v.dll
2017-01-19 15:35:25 ----D---- C:\Portables
2017-01-14 12:30:14 ----A---- C:\Users\darkane\AppData\Roaming\svshosts.exe
2017-01-14 12:30:04 ----SHD---- C:\ProgramData\Recycler
2017-01-14 10:49:02 ----D---- C:\Users\darkane\AppData\Roaming\dvdcss
2017-01-11 17:14:51 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:14:50 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:14:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2017-01-11 17:14:48 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:14:48 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:14:48 ----A---- C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:14:47 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2017-01-11 17:14:47 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2017-01-11 17:14:47 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2017-01-11 17:14:47 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:14:47 ----A---- C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:14:46 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:14:46 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:14:45 ----A---- C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:14:45 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:14:45 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:14:45 ----A---- C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:14:43 ----A---- C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:14:43 ----A---- C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:14:42 ----A---- C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:14:41 ----A---- C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:14:40 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2017-01-11 17:14:40 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2017-01-11 17:14:40 ----A---- C:\WINDOWS\system32\shell32.dll
2017-01-11 17:14:39 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-01-11 17:14:38 ----A---- C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:14:38 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2017-01-11 17:14:37 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:14:37 ----A---- C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\SYSWOW64\cryptui.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\system32\wow64.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:14:36 ----A---- C:\WINDOWS\system32\certprop.dll
2017-01-11 17:14:35 ----A---- C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:14:34 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:14:34 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2017-01-11 17:14:34 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2017-01-11 17:14:34 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2017-01-11 17:14:33 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-01-11 17:14:33 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2017-01-11 17:14:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2017-01-11 17:14:31 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-01-11 17:14:31 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:14:30 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-01-11 17:14:30 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:14:29 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2017-01-11 17:14:29 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:14:28 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2017-01-11 17:14:28 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:14:28 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:14:27 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2017-01-11 17:14:27 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:14:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:14:26 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:14:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:14:26 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:14:25 ----A---- C:\WINDOWS\system32\winmde.dll
2017-01-11 17:14:25 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:14:25 ----A---- C:\WINDOWS\system32\twinui.dll
2017-01-11 17:14:25 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:14:24 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:14:21 ----A---- C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:14:18 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:14:18 ----A---- C:\WINDOWS\system32\usocore.dll
2017-01-11 17:14:17 ----A---- C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:14:17 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:14:17 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:14:16 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2017-01-11 17:14:16 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2017-01-11 17:14:16 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2017-01-11 17:14:16 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:14:16 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:14:15 ----A---- C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\SYSWOW64\SyncSettings.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:14:14 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\SYSWOW64\CloudBackupSettings.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:14:13 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:14:13 ----A---- C:\WINDOWS\system32\win32k.sys
2017-01-11 17:14:12 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2017-01-11 17:14:12 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:14:12 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:14:12 ----A---- C:\WINDOWS\system32\SRH.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\audiosrv.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:14:11 ----A---- C:\WINDOWS\system32\aclui.dll
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:14:10 ----A---- C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:14:09 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2017-01-11 17:14:09 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2017-01-11 17:14:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:14:08 ----A---- C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:14:08 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:14:08 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2017-01-11 17:14:07 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2017-01-11 17:14:07 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\SYSWOW64\mfnetcore.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:14:06 ----A---- C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:14:05 ----A---- C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:14:04 ----A---- C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:14:04 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:14:04 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2017-01-11 17:13:58 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:13:57 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:13:56 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-01-11 17:13:55 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2017-01-11 17:13:55 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2017-01-11 17:13:54 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2017-01-11 17:13:54 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2017-01-11 17:13:54 ----A---- C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:13:52 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2017-01-11 17:13:52 ----A---- C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:13:52 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:13:51 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2017-01-11 17:13:51 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-01-11 17:13:51 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:13:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:13:50 ----A---- C:\WINDOWS\system32\provengine.dll
2017-01-11 17:13:48 ----A---- C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:13:48 ----A---- C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:13:47 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2017-01-11 17:13:47 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\SYSWOW64\NlsLexicons0009.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\SYSWOW64\NlsData0009.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\system32\prm0009.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\system32\NlsLexicons0009.dll
2017-01-07 12:54:05 ----A---- C:\WINDOWS\system32\NlsData0009.dll

======List of files/folders modified in the last 1 month======

2017-01-30 19:07:14 ----D---- C:\WINDOWS\Temp
2017-01-30 19:06:02 ----D---- C:\WINDOWS\Prefetch
2017-01-30 19:05:39 ----D---- C:\ProgramData\NVIDIA
2017-01-30 19:04:32 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-30 19:04:32 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-01-30 19:04:31 ----D---- C:\WINDOWS\system32\drivers
2017-01-30 19:04:31 ----D---- C:\Windows
2017-01-30 19:02:58 ----D---- C:\WINDOWS\system32\sru
2017-01-30 19:02:51 ----D---- C:\WINDOWS\system32\config
2017-01-30 19:02:28 ----SHDC---- C:\WINDOWS\Installer
2017-01-30 19:02:06 ----RD---- C:\WINDOWS\Microsoft.NET
2017-01-30 19:02:06 ----D---- C:\ProgramData\Microsoft Help
2017-01-30 19:02:05 ----RD---- C:\WINDOWS\assembly
2017-01-30 19:01:44 ----D---- C:\WINDOWS\INF
2017-01-30 19:01:39 ----SD---- C:\ProgramData\Microsoft
2017-01-30 19:01:39 ----RD---- C:\Program Files (x86)
2017-01-30 19:01:39 ----RD---- C:\Program Files
2017-01-30 19:01:39 ----AD---- C:\Program Files\Common Files\microsoft shared
2017-01-30 19:01:26 ----RSD---- C:\WINDOWS\Fonts
2017-01-30 19:01:12 ----AD---- C:\Program Files (x86)\MSBuild
2017-01-30 19:01:11 ----D---- C:\WINDOWS\System32
2017-01-30 19:01:11 ----D---- C:\Program Files\Common Files
2017-01-30 19:00:10 ----D---- C:\WINDOWS\ShellNew
2017-01-30 18:59:57 ----D---- C:\Program Files\Common Files\System
2017-01-30 18:59:57 ----A---- C:\WINDOWS\win.ini
2017-01-30 18:58:56 ----D---- C:\WINDOWS\system32\catroot2
2017-01-30 18:58:55 ----SHD---- C:\System Volume Information
2017-01-30 18:22:38 ----D---- C:\WINDOWS\system32\SleepStudy
2017-01-28 12:38:37 ----D---- C:\WINDOWS\AppReadiness
2017-01-27 17:12:56 ----D---- C:\Users\darkane\AppData\Roaming\Skype
2017-01-27 13:43:19 ----D---- C:\ProgramData\Skype
2017-01-27 13:27:42 ----D---- C:\WINDOWS\debug
2017-01-27 12:30:36 ----HD---- C:\Program Files\WindowsApps
2017-01-26 17:22:39 ----D---- C:\Users\darkane\AppData\Roaming\Mp3tag
2017-01-26 14:06:20 ----D---- C:\Users\darkane\AppData\Roaming\vlc
2017-01-25 12:57:12 ----D---- C:\WINDOWS\CbsTemp
2017-01-25 12:57:04 ----D---- C:\WINDOWS\SysWOW64
2017-01-25 12:56:59 ----D---- C:\WINDOWS\WinSxS
2017-01-25 11:54:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-25 11:52:01 ----D---- C:\ProgramData\NVIDIA Corporation
2017-01-25 11:51:37 ----D---- C:\WINDOWS\system32\Tasks
2017-01-25 11:51:18 ----D---- C:\WINDOWS\system32\DriverStore
2017-01-25 11:51:18 ----D---- C:\WINDOWS\system32\CatRoot
2017-01-25 11:50:28 ----D---- C:\Program Files\NVIDIA Corporation
2017-01-25 11:50:25 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-01-25 07:32:30 ----D---- C:\WINDOWS\LiveKernelReports
2017-01-23 07:55:44 ----D---- C:\WINDOWS\system32\Macromed
2017-01-23 07:55:41 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-01-14 16:59:42 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2017-01-14 14:59:48 ----AD---- C:\Program Files (x86)\Adobe
2017-01-14 14:52:56 ----D---- C:\WINDOWS\system32\drivers\etc
2017-01-14 12:30:04 ----HD---- C:\ProgramData
2017-01-13 17:54:59 ----D---- C:\Users\darkane\AppData\Roaming\Adobe
2017-01-12 10:05:20 ----D---- C:\WINDOWS\rescache
2017-01-11 19:02:11 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 19:02:10 ----D---- C:\WINDOWS\system32\wbem
2017-01-11 19:02:10 ----D---- C:\WINDOWS\system32\oobe
2017-01-11 19:02:09 ----D---- C:\WINDOWS\ShellExperiences
2017-01-11 19:02:08 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2017-01-11 19:02:08 ----D---- C:\WINDOWS\Provisioning
2017-01-11 19:02:08 ----D---- C:\Program Files\Internet Explorer
2017-01-11 19:02:08 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-11 18:48:21 ----D---- C:\WINDOWS\system32\MRT
2017-01-11 18:44:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-01-07 19:43:50 ----D---- C:\Users\darkane\AppData\Roaming\.minecraft
2017-01-07 16:41:20 ----D---- C:\WINDOWS\OCR
2017-01-07 11:58:04 ----D---- C:\WINDOWS\SoftwareDistribution
2017-01-06 09:11:31 ----D---- C:\Users\darkane\AppData\Roaming\AIMP

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R0 nvpciflt;nvpciflt; C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [2016-12-09 48696]
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-09-29 84992]
R3 ETD;@oem12.inf,%PS2DeviceDesc%;ELAN Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2016-11-15 588880]
R3 ETDSMBus;ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [2016-11-15 31816]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 18224]
R3 ibtfltcoex;@oem17.inf,%PROVIDER_NAME%;Intel Corporation; C:\WINDOWS\system32\DRIVERS\ibtfltcoex.sys [2015-07-01 79632]
R3 iwdbus;@oem14.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-01 38896]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\WINDOWS\System32\drivers\NETwew01.sys [2016-07-16 3343872]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmi.inf_amd64_ae396a6228d16bb2\nvlddmkm.sys [2016-12-09 14190528]
R3 nvvad_WaveExtensible;@oem1.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2017-01-06 47672]
R3 nvvhci;@oem24.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\WINDOWS\System32\drivers\nvvhci.sys [2017-01-20 57792]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2016-09-15 168448]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-09-29 114176]
S3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth handsfree; C:\WINDOWS\system32\DRIVERS\BthHfAud.sys [2016-07-16 37376]
S3 BthLEEnum;@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2016-09-15 249856]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2016-10-05 128512]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 dg_ssudbus;@oem4.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-09-29 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-12-01 50160]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-09-23 192216]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-01-20 27584]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-07-16 183808]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 ssudmdm;@oem10.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
S3 ssudserd;@oem16.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudserd.sys [2016-09-05 165504]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-01-19 2227312]
R2 CDPUserSvc_3bb24;CDPUserSvc_3bb24; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2016-11-15 144088]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-05-03 337888]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20 462784]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-02 458176]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-01-20 425408]
R2 OneSyncSvc_3bb24;Hostitel synchronizace_3bb24; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\TimeBrokerServer.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\hvhostsvc.dll
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 MessagingService_3bb24;Služba zasílání zpráv_3bb24; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-27 172488]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20 462784]
S3 PimIndexMaintenanceSvc_3bb24;Data kontaktů_3bb24; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UnistoreSvc_3bb24;Úložiště uživatelských dat_3bb24; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

[Roli]

Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files
C:\WINDOWS\system32\tasks\AutoKMS
C:\WINDOWS\AutoKMS

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\


Stáhni a spusť AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.


Nakonec použij Mbam z mého podisu a dej mi sem z něj log po smazání nepořádku.

[darkane]

zdravím
... všechny tři logy za sebou

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\tasks\AutoKMS not found.
C:\WINDOWS\AutoKMS folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: darkane
->Temp folder emptied: 60213 bytes
->Temporary Internet Files folder emptied: 7434596 bytes
->Java cache emptied: 227288 bytes
->FireFox cache emptied: 376677529 bytes
->Flash cache emptied: 697 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Ondra135
->Temp folder emptied: 10541714 bytes
->Temporary Internet Files folder emptied: 148928 bytes
->Java cache emptied: 1194242 bytes
->FireFox cache emptied: 100692422 bytes
->Flash cache emptied: 56475 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 754241 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 475,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 01312017_195121

Files moved on Reboot...
C:\Users\darkane\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

Registry entries deleted on Reboot...

************************************************************************************************************************

# AdwCleaner v6.043 - Logfile created 31/01/2017 at 20:00:02
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-30.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : darkane - DESKTOP-RCQ3LLK
# Running from : C:\Users\darkane\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\403ba04fa2379fe49c021ecdf24b9f4e


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2340 Bytes] - [11/04/2016 14:46:07]
C:\AdwCleaner\AdwCleaner[C2].txt - [1331 Bytes] - [24/05/2016 17:58:10]
C:\AdwCleaner\AdwCleaner[C3].txt - [972 Bytes] - [31/01/2017 20:00:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [2136 Bytes] - [11/04/2016 14:44:06]
C:\AdwCleaner\AdwCleaner[S2].txt - [1142 Bytes] - [24/05/2016 17:55:55]
C:\AdwCleaner\AdwCleaner[S3].txt - [1467 Bytes] - [31/01/2017 19:58:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1263 Bytes] ##########

*******************************************************************************************************************

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 31.01.17
Čas skenování: 20:08
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.50
Aktualizovat verzi balíku komponent: 1.0.1145
Licence: Zkušební

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-RCQ3LLK\darkane

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 439747
Uplynulý čas: 6 min, 42 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 1
Worm.AutoRun, C:\PROGRAMDATA\Recycler, V karanténě, [284], [173015],1.0.1145

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

[Roli]

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


No a máme čisto tak že, pokud není s PC nějaký problém je to z mé strany vše.

[darkane]

Všechno v pořádku. Mockrát děkuji.

[Roli]

Mockrát děkuji.

Není zač a