modifierBrowser.

#1 Post by eugenija »

Good day,

I would like to ask for help with removing Browser modifiers and the like. In all my browsers, addresses keep getting redirected to ads and popupads, even after a complete reinstall, and transparent banners get hung over pages. I cannot remove it at all; antivirus programs always find only part of it, and after a while it continues.
Thank you very much in advance.

I am attaching the RSIT log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Linda at 2016-04-30 14:20:36
Microsoft Windows 7 Professional N Service Pack 1
System drive C: has 66 GB (22%) free of 305 GB
Total RAM: 3980 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:20:39, on 30. 4. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Users\Linda\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Linda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 1824EE0386
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 1824EE0386
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://get-access.me/wpad.dat?e99f2e7aa ... 8681243478
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\Linda\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2467833258-3242942816-315545646-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2467833258-3242942816-315545646-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť &všetky odkazy pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Stiahnuť odkaz &pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~3\VKSaver\vksaver3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Windows Connectivity Manager for Gramblr (gramblrclient) - Unknown owner - C:\Program Files\Gramblr\gramblr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Innovative Solutions Service Monitor (InnovativeSolutions_monitor) - Unknown owner - C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 11693 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
C:\Windows\system32\WLANExt.exe 30342960
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
\??\C:\Windows\system32\conhost.exe "-5015009621340026867-995466706-981626055116179135713828587337796604726780428
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
ATKOSD.exe
taskeng.exe {E1028DA5-3E04-415A-9540-6AE561010DFD}
taskeng.exe {1DE37B2B-C757-4DB3-810B-F1430F47C1F8}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe" -startup
"C:\Windows\system32\Dwm.exe"
WDC.exe
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe" -AUSCAN
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\Gramblr\gramblr.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Users\Linda\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=49.0.2623.112 --handshake-handle=0xd8
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4580.10.228509552\1614587199" --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\Linda\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159" --gpu-driver-bug-workarounds=3,11,16,25,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2843 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_72/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="4580.14.1516092591\63614770" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4580.27.636044994\597942037" --ppapi-flash-args --lang=sk --device-scale-factor=1 --ignored=" --type=renderer " /prefetch:3
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_72/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="4580.28.794825261\1082923139" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_72/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/*WebRTC-LocalIPPermissionCheck/Enabled/*WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="4580.32.469957223\1557850951" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_72/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/*WebRTC-LocalIPPermissionCheck/Enabled/*WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="4580.34.730215491\1853971095" /prefetch:1
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"

C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Linda\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Health-Check-auto.job - C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe -startup
C:\Windows\tasks\Health-Check-deep.job - C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe -deepscan
C:\Windows\tasks\Health-Check.job - C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe -scan

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-16 551520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78234974-0C4B-4111-BDEB-D9A104418772}]
ASUS Browser Extension x64 - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll [2012-09-11 23424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-16 212576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-16 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78234974-0C4B-4111-BDEB-D9A104418771}]
ASUS Browser Extension x86 - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll [2012-09-11 21376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-16 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-31 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-31 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-31 441152]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-08-30 13192848]
"ASUSQuickGesture(x86)"=C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [2012-09-11 20352]
"ASUSTPLoader(x64)"=C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [2012-09-11 169856]
"ASUSQuickGesture(x64)"=C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [2012-09-11 22400]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-01-29 1340192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Users\Linda\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-24 1017224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CDAServer]
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 462712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2014-01-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06 596528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VKSaver]
C:\ProgramData\VKSaver\VKSaver.exe [2015-10-28 239616]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-07-06 322208]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2012-07-17 178848]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-31 441856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2016-04-30 14:16:50 ----D---- C:\rsit
2016-04-30 14:16:50 ----D---- C:\Program Files\trend micro
2016-04-18 21:40:50 ----A---- C:\Windows\system32\samsrv.dll
2016-04-18 21:40:49 ----A---- C:\Windows\SYSWOW64\samlib.dll
2016-04-18 21:40:49 ----A---- C:\Windows\system32\samlib.dll
2016-04-18 21:40:29 ----A---- C:\Windows\system32\mtxoci.dll
2016-04-18 21:40:24 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-04-18 21:40:24 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-04-18 21:39:58 ----A---- C:\Windows\system32\rpcss.dll
2016-04-18 21:39:56 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2016-04-18 21:39:56 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2016-04-18 21:39:56 ----A---- C:\Windows\system32\msxml3r.dll
2016-04-18 21:39:56 ----A---- C:\Windows\system32\msxml3.dll
2016-04-18 21:39:46 ----A---- C:\Windows\system32\ole32.dll
2016-04-18 21:39:45 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-04-18 21:39:45 ----A---- C:\Windows\system32\lsasrv.dll
2016-04-18 21:39:44 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-04-18 21:39:44 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-04-18 21:39:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-04-18 21:39:43 ----A---- C:\Windows\system32\ntdll.dll
2016-04-18 21:39:42 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-04-18 21:39:41 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-04-18 21:39:41 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-04-18 21:39:40 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-04-18 21:39:40 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-04-18 21:39:40 ----A---- C:\Windows\system32\smss.exe
2016-04-18 21:39:40 ----A---- C:\Windows\system32\rpcrt4.dll
2016-04-18 21:39:40 ----A---- C:\Windows\system32\kernel32.dll
2016-04-18 21:39:40 ----A---- C:\Windows\system32\kerberos.dll
2016-04-18 21:39:40 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-04-18 21:39:40 ----A---- C:\Windows\system32\certcli.dll
2016-04-18 21:39:40 ----A---- C:\Windows\system32\advapi32.dll
2016-04-18 21:39:39 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-04-18 21:39:39 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-04-18 21:39:39 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-04-18 21:39:39 ----A---- C:\Windows\system32\wow64win.dll
2016-04-18 21:39:39 ----A---- C:\Windows\system32\winsrv.dll
2016-04-18 21:39:39 ----A---- C:\Windows\system32\TSpkg.dll
2016-04-18 21:39:39 ----A---- C:\Windows\system32\schannel.dll
2016-04-18 21:39:39 ----A---- C:\Windows\system32\ncrypt.dll
2016-04-18 21:39:39 ----A---- C:\Windows\system32\msv1_0.dll
2016-04-18 21:39:39 ----A---- C:\Windows\system32\KernelBase.dll
2016-04-18 21:39:39 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-04-18 21:39:38 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-04-18 21:39:38 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-04-18 21:39:38 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-04-18 21:39:38 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-04-18 21:39:38 ----A---- C:\Windows\system32\wow64.dll
2016-04-18 21:39:38 ----A---- C:\Windows\system32\wdigest.dll
2016-04-18 21:39:38 ----A---- C:\Windows\system32\sspicli.dll
2016-04-18 21:39:38 ----A---- C:\Windows\system32\srcore.dll
2016-04-18 21:39:38 ----A---- C:\Windows\system32\rpchttp.dll
2016-04-18 21:39:38 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-04-18 21:39:38 ----A---- C:\Windows\system32\csrsrv.dll
2016-04-18 21:39:38 ----A---- C:\Windows\system32\cryptbase.dll
2016-04-18 21:39:38 ----A---- C:\Windows\system32\conhost.exe
2016-04-18 21:39:37 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-04-18 21:39:37 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-04-18 21:39:37 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-04-18 21:39:37 ----A---- C:\Windows\system32\wow64cpu.dll
2016-04-18 21:39:37 ----A---- C:\Windows\system32\sspisrv.dll
2016-04-18 21:39:37 ----A---- C:\Windows\system32\srclient.dll
2016-04-18 21:39:37 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-04-18 21:39:37 ----A---- C:\Windows\system32\secur32.dll
2016-04-18 21:39:37 ----A---- C:\Windows\system32\rstrui.exe
2016-04-18 21:39:37 ----A---- C:\Windows\system32\lsass.exe
2016-04-18 21:39:37 ----A---- C:\Windows\system32\drivers\appid.sys
2016-04-18 21:39:37 ----A---- C:\Windows\system32\appidapi.dll
2016-04-18 21:39:36 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-04-18 21:39:36 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-04-18 21:39:36 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-04-18 21:39:36 ----A---- C:\Windows\system32\ntvdm64.dll
2016-04-18 21:39:36 ----A---- C:\Windows\system32\appidsvc.dll
2016-04-18 21:39:36 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-04-18 21:39:35 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-04-18 21:39:35 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-04-18 21:39:35 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-04-18 21:39:35 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-04-18 21:39:35 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-04-18 21:39:35 ----A---- C:\Windows\system32\credssp.dll
2016-04-18 21:39:35 ----A---- C:\Windows\system32\auditpol.exe
2016-04-18 21:39:35 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-18 21:39:34 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-18 21:39:34 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-04-18 21:39:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-18 21:39:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-18 21:39:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-18 21:39:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-18 21:39:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-18 21:39:33 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-18 21:39:33 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-18 21:39:33 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-18 21:39:33 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-18 21:39:33 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-18 21:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-18 21:39:32 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-04-18 21:39:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-18 21:39:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-18 21:39:31 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-18 21:39:31 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-18 21:39:31 ----A---- C:\Windows\SYSWOW64\user.exe
2016-04-18 21:39:31 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-04-18 21:39:31 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-04-18 21:39:31 ----A---- C:\Windows\system32\apisetschema.dll
2016-04-18 21:39:30 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-04-18 21:39:30 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-04-18 21:39:30 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-04-18 21:39:30 ----A---- C:\Windows\system32\msobjs.dll
2016-04-18 21:39:30 ----A---- C:\Windows\system32\msaudite.dll
2016-04-18 21:39:30 ----A---- C:\Windows\system32\adtschema.dll
2016-04-18 21:39:05 ----A---- C:\Windows\system32\drivers\disk.sys
2016-04-18 21:39:01 ----A---- C:\Windows\system32\win32k.sys
2016-04-18 21:38:49 ----A---- C:\Windows\SYSWOW64\tbs.dll
2016-04-18 21:38:49 ----A---- C:\Windows\system32\tbs.dll
2016-04-18 21:38:49 ----A---- C:\Windows\system32\fveapibase.dll
2016-04-18 21:38:49 ----A---- C:\Windows\system32\fveapi.dll
2016-04-18 21:38:34 ----A---- C:\Windows\system32\generaltel.dll
2016-04-18 21:38:33 ----A---- C:\Windows\system32\invagent.dll
2016-04-18 21:38:33 ----A---- C:\Windows\system32\devinv.dll
2016-04-18 21:38:33 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-04-18 21:38:33 ----A---- C:\Windows\system32\appraiser.dll
2016-04-18 21:38:33 ----A---- C:\Windows\system32\aepic.dll
2016-04-18 21:38:33 ----A---- C:\Windows\system32\aeinv.dll
2016-04-18 21:38:33 ----A---- C:\Windows\system32\acmigration.dll
2016-04-18 21:38:29 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-04-18 21:38:29 ----A---- C:\Windows\system32\tzres.dll
2016-04-18 21:37:20 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-04-18 21:37:20 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-04-18 21:37:20 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-04-18 21:37:19 ----A---- C:\Windows\system32\iernonce.dll
2016-04-18 21:37:19 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-04-18 21:37:19 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-04-18 21:37:18 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-04-18 21:37:17 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-04-18 21:37:17 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-04-18 21:37:16 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-04-18 21:37:16 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-04-18 21:37:16 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-04-18 21:37:16 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-04-18 21:37:16 ----A---- C:\Windows\system32\inseng.dll
2016-04-18 21:37:16 ----A---- C:\Windows\system32\ie4uinit.exe
2016-04-18 21:37:15 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-04-18 21:37:15 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-18 21:37:14 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-04-18 21:37:14 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-04-18 21:37:11 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-04-18 21:37:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-04-18 21:37:11 ----A---- C:\Windows\system32\occache.dll
2016-04-18 21:37:10 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-04-18 21:37:10 ----A---- C:\Windows\system32\urlmon.dll
2016-04-18 21:37:10 ----A---- C:\Windows\system32\iedkcs32.dll
2016-04-18 21:37:09 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-04-18 21:37:08 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-04-18 21:37:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-04-18 21:37:06 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-04-18 21:37:04 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-04-18 21:37:04 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-04-18 21:37:04 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-18 21:37:04 ----A---- C:\Windows\system32\dxtrans.dll
2016-04-18 21:37:03 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-04-18 21:37:03 ----A---- C:\Windows\system32\msfeeds.dll
2016-04-18 21:37:01 ----A---- C:\Windows\system32\iesetup.dll
2016-04-18 21:37:00 ----A---- C:\Windows\system32\ieapfltr.dll
2016-04-18 21:36:58 ----A---- C:\Windows\system32\iertutil.dll
2016-04-18 21:36:57 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-04-18 21:36:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-04-18 21:36:56 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-04-18 21:36:56 ----A---- C:\Windows\system32\vbscript.dll
2016-04-18 21:36:55 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-04-18 21:36:55 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-04-18 21:36:55 ----A---- C:\Windows\system32\jsproxy.dll
2016-04-18 21:36:54 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-04-18 21:36:52 ----A---- C:\Windows\system32\ieui.dll
2016-04-18 21:36:52 ----A---- C:\Windows\system32\dxtmsft.dll
2016-04-18 21:36:51 ----A---- C:\Windows\system32\ieframe.dll
2016-04-18 21:36:50 ----A---- C:\Windows\system32\mshtmled.dll
2016-04-18 21:36:49 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-04-18 21:36:49 ----A---- C:\Windows\system32\ieUnatt.exe
2016-04-18 21:36:48 ----A---- C:\Windows\system32\webcheck.dll
2016-04-18 21:36:48 ----A---- C:\Windows\system32\jscript.dll
2016-04-18 21:36:47 ----A---- C:\Windows\system32\jscript9diag.dll
2016-04-18 21:36:47 ----A---- C:\Windows\system32\jscript9.dll
2016-04-18 21:36:46 ----A---- C:\Windows\system32\wininet.dll
2016-04-18 21:36:44 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-04-18 21:36:43 ----A---- C:\Windows\system32\msrating.dll
2016-04-18 21:36:41 ----A---- C:\Windows\system32\mshtml.dll
2016-04-08 10:37:05 ----D---- C:\Users\Linda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2016-04-08 10:37:02 ----D---- C:\Users\Linda\AppData\Roaming\chc
2016-04-07 13:56:15 ----D---- C:\Users\Linda\AppData\Roaming\OpenPilot
2016-04-07 13:51:48 ----D---- C:\Program Files (x86)\OpenPilot
2016-03-31 15:31:03 ----D---- C:\Users\Linda\AppData\Roaming\Processing

======List of files/folders modified in the last 1 month======

2016-04-30 14:20:33 ----D---- C:\ProgramData\Gramblr
2016-04-30 14:18:55 ----D---- C:\Windows\Temp
2016-04-30 14:16:50 ----RD---- C:\Program Files
2016-04-30 14:11:27 ----D---- C:\Users\Linda\AppData\Roaming\Skype
2016-04-30 14:01:00 ----D---- C:\Windows\system32\Tasks
2016-04-30 11:26:42 ----D---- C:\Users\Linda\AppData\Roaming\BitComet
2016-04-30 11:11:38 ----D---- C:\Downloads
2016-04-30 10:58:46 ----SHD---- C:\System Volume Information
2016-04-30 10:50:14 ----D---- C:\Windows\system32\config
2016-04-30 10:45:27 ----D---- C:\ProgramData\NVIDIA
2016-04-29 17:27:22 ----D---- C:\Windows\Prefetch
2016-04-29 10:33:48 ----D---- C:\Windows\System32
2016-04-29 10:33:48 ----D---- C:\Windows\inf
2016-04-29 10:33:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-29 10:07:08 ----D---- C:\Windows\Logs
2016-04-28 18:30:06 ----D---- C:\Program Files (x86)\Opera
2016-04-28 09:57:46 ----RSD---- C:\Windows\Fonts
2016-04-26 15:58:36 ----SHD---- C:\Windows\Installer
2016-04-26 15:58:31 ----D---- C:\ProgramData\Microsoft Help
2016-04-25 20:39:38 ----D---- C:\Users\Linda\AppData\Roaming\foobar2000
2016-04-24 13:18:41 ----D---- C:\Windows\rescache
2016-04-22 19:33:24 ----D---- C:\Users\Linda\AppData\Roaming\vlc
2016-04-22 09:57:45 ----N---- C:\Windows\system32\MpSigStub.exe
2016-04-21 17:30:45 ----D---- C:\Windows\Microsoft.NET
2016-04-19 12:36:23 ----D---- C:\Program Files\Gramblr
2016-04-19 10:06:17 ----RSD---- C:\Windows\assembly
2016-04-19 09:36:11 ----D---- C:\Windows\winsxs
2016-04-19 09:30:59 ----D---- C:\Windows\SysWOW64
2016-04-19 09:30:40 ----D---- C:\Windows\SYSWOW64\en-US
2016-04-19 09:30:33 ----D---- C:\Windows\system32\drivers
2016-04-19 09:30:32 ----D---- C:\Windows\system32\en-US
2016-04-19 09:30:24 ----D---- C:\Windows\AppPatch
2016-04-19 09:30:21 ----D---- C:\Windows\system32\Boot
2016-04-19 09:30:15 ----D---- C:\Windows\SYSWOW64\wbem
2016-04-19 09:30:15 ----D---- C:\Windows\system32\drivers\en-US
2016-04-19 09:30:14 ----D---- C:\Windows\system32\wbem
2016-04-19 09:30:11 ----D---- C:\Windows\system32\appraiser
2016-04-19 09:29:25 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-04-19 09:29:24 ----D---- C:\Windows\system32\sk-SK
2016-04-19 09:29:20 ----D---- C:\Program Files\Internet Explorer
2016-04-19 09:28:41 ----D---- C:\Program Files (x86)\Internet Explorer
2016-04-19 09:28:30 ----D---- C:\Windows\system32\DriverStore
2016-04-19 00:34:49 ----D---- C:\Windows\system32\MRT
2016-04-19 00:24:52 ----A---- C:\Windows\system32\MRT.exe
2016-04-18 21:34:17 ----D---- C:\Windows\system32\catroot2
2016-04-08 12:05:59 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-07 13:55:50 ----D---- C:\Program Files\DIFX
2016-04-07 13:51:48 ----RD---- C:\Program Files (x86)
2016-04-05 14:46:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-11-13 289120]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-08-28 30056]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2013-04-10 11576]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 ATP;ASUS PS/2 Port Input Device; C:\Windows\system32\DRIVERS\AsusTP.sys [2012-09-11 56704]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-31 9000256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-09-11 4142864]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-08-27 342528]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\Netwsw00.sys [2012-03-12 11471872]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-11-13 133816]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA; C:\Windows\system32\DRIVERS\RtsBaStor.sys [2012-02-01 292968]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-03 707688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2012-07-23 105120]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc64.exe [2011-12-12 135824]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2012-03-29 626960]
R2 gramblrclient;Windows Connectivity Manager for Gramblr; C:\Program Files\Gramblr\gramblr.exe [2016-04-19 9627728]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-01-29 23808]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-08-28 891240]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-28 1258856]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2012-03-29 148752]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-28 382824]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [2012-06-19 77824]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840]
R3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [2015-10-23 1064520]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-01-29 374344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-31 276288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-03-31 114688]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-03-29 273168]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-17 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: modifierBrowser.

#2 Post by Márty84 »

Hello :)

→ Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to your desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait until the scan finishes.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it may also be found at C:\AdwCleaner\AdwCleaner[C?].txt). Copy it here for me.

→ Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.

If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

eugenija
Visitor
Posts: 14
Joined: 30 Apr 2016 13:39

Re: modifierBrowser.

#3 Post by eugenija »

Hello,
thank you for the prompt reply!
I ran AdwCleaner as you recommended; I am attaching the resulting log below.
Also, between the RSIT log and running the cleaner, my antivirus detected the browser modifier I mentioned, located in the Windows system folder /temporary internet files/ under the name picx1116[1].exe, and removed it. However, it detects this file over and over, about once a week, and it is the only one of the problems I mentioned that it is able to find, yet it always reappears. So I cannot guarantee that the resulting log is complete (I guess).
Thank you once again!

# AdwCleaner v5.115 - Logfile created 02/05/2016 at 12:42:10
# Updated 01/05/2016 by Xplode
# Database : 2016-05-01.2 [Server]
# Operating system : Windows 7 Professional N Service Pack 1 (X64)
# Username : Linda - AUGUSTÍN
# Running from : C:\Users\Linda\Desktop\adwcleaner_5.115.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Innovative Solutions
[-] Folder Deleted : C:\ProgramData\LuckyBrowse
[#] Folder Deleted : C:\ProgramData\Application Data\Innovative Solutions
[#] Folder Deleted : C:\ProgramData\Application Data\LuckyBrowse
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
[-] Folder Deleted : C:\Program Files (x86)\Innovative Solutions
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Innovative Solutions
[-] Folder Deleted : C:\Users\Linda\AppData\Local\Innovative Solutions
[-] Folder Deleted : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\extensions\yahooprotected@gmail.com

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[#] File Deleted : C:\ProgramData\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
[-] Task Deleted : LuckyBrowse

***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [default_newtabff@gmail.com]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKLM\SOFTWARE\FFPluginHp
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\LuckyBrowse
[-] Key Deleted : HKLM\SOFTWARE\omniboxesSoftware
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\TSv
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{525FAEF0-2221-493A-A120-58B41594BADA}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1E1A7148-0184-4F7B-86D5-D25C6DCC7617}]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []

***** [ Web browsers ] *****

[-] [C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js] Deleted : user_pref("browser.newtab.url", "hxxp://www.omniboxes.com/newtab/?type=nt&ts=14 ... D3TKDAD3TX");
[-] [C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js] Deleted : user_pref("browser.search.searchengine.alias", "omniboxes");
[-] [C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js] Deleted : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
[-] [C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js] Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.omniboxes.com/favicon.ico");
[-] [C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js] Deleted : user_pref("browser.search.searchengine.name", "omniboxes");
[-] [C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js] Deleted : user_pref("browser.search.searchengine.ptid", "ient07031");
[-] [C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js] Deleted : user_pref("browser.search.searchengine.uid", "HitachiXHTS545032A7E380_TA8B123VKDAD3TKDAD3TX");
[-] [C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js] Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.omniboxes.com/web/?type=ds&ts=14483 ... 123VKDAD3T[...]

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5180 bytes] - [02/05/2016 12:42:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [6104 bytes] - [02/05/2016 12:38:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5326 bytes] ##########

eugenija
Visitor
Posts: 14
Joined: 30 Apr 2016 13:39

Re: modifierBrowser.

#4 Post by eugenija »

Should I run MBAM as well?

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: modifierBrowser.

#5 Post by Márty84 »

eugenija wrote: Should I run MBAM as well?
Yes. It needs to be cleaned out properly so that it does not come back. So we'll go through it thoroughly :-)

eugenija
Visitor
Posts: 14
Joined: 30 Apr 2016 13:39

Re: modifierBrowser.

#6 Post by eugenija »

I let MBAM run and after about 4 hours it threw me to a blue screen, as system self-protection, saying that I should check the most recently installed files.
The computer booted normally, but I did not start the program again; still, after about half an hour I got a blue screen when I had not been doing anything with the computer for a little while. That had never happened to me before.
On the third try it is working, but I don't know whether it will crash again at any moment, nor whether I should run MBAM again or not.
In any case, AdwCleaner did not remove the problem; it persists, and quite aggressively.
What now?
Thank you for your time.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: modifierBrowser.

#7 Post by Márty84 »

→ Look in the folder C:\Windows\Minidump. If there are any files in it, upload them, for example to Letecká pošta http://leteckaposta.cz/, and post the download link here.

→ Follow my colleague's instructions
vyosek wrote: → Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the licence terms are displayed; press any key
  • A backup will be created, followed by a search
  • The scan will run and then a log will appear; it may also be saved in c:\JRT as JRT.txt; paste it here

→ Follow my colleague's instructions
vyosek wrote: → Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
  • Paste the script below into the window

    autoclean;
    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
  • Then click Run Script
  • The PC will perform the repair, restart and give you a log; paste its contents here

eugenija
Visitor
Posts: 14
Joined: 30 Apr 2016 13:39

Re: modifierBrowser.

#8 Post by eugenija »

Hello.
I have two files in Minidump and no matter what I try I cannot do anything with them, let alone upload them.

The JRT log is here:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional N x64
Ran by Linda (Administrator) on ne 08. 05. 2016 at 14:28:27,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 57

Successfully deleted: C:\Windows\system32\Tasks\VKSaverUpdate (Task)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0EBDO9PH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0X1INXCU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1067V00M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GRN90HV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NO61QBZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2J6ND1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QF8P9ZX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22UGUFFU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KZKM7OQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N9ZM3JC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3R22639M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RUXGK2R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DNG706Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK62WIUL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FSCGVB3M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GN0O9V73 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L41TVLOP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3V0MKLV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSRUU20G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZC4G5JA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEBR4NKX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCL69U04 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V4RWT2D5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZTO4AH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL0OYNEW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2VHTLYW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF0ZUA3Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZU7AQDGS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0EBDO9PH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0X1INXCU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1067V00M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GRN90HV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NO61QBZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2J6ND1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QF8P9ZX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22UGUFFU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KZKM7OQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N9ZM3JC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3R22639M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RUXGK2R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DNG706Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK62WIUL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FSCGVB3M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GN0O9V73 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L41TVLOP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3V0MKLV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSRUU20G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZC4G5JA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEBR4NKX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCL69U04 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V4RWT2D5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZTO4AH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XL0OYNEW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2VHTLYW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF0ZUA3Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZU7AQDGS (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 08. 05. 2016 at 14:33:44,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




and the Zoek log is here:

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Linda on ne 08. 05. 2016 at 14:36:23,20.
Microsoft Windows 7 Professional N 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Linda\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8. 5. 2016 14:38:42 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Sierra On-Line deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\Users\Linda\AppData\Local\EmieSiteList deleted successfully
C:\Users\Linda\AppData\Local\EmieUserList deleted successfully
C:\Users\Linda\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\Linda\AppData\Local\Skype deleted successfully
C:\Users\Linda\AppData\Local\Windows Live deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2467833258-3242942816-315545646-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_USERS\S-1-5-21-2467833258-3242942816-315545646-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_USERS\S-1-5-21-2467833258-3242942816-315545646-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully
HKEY_USERS\S-1-5-21-2467833258-3242942816-315545646-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully
HKEY_USERS\S-1-5-21-2467833258-3242942816-315545646-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"yahooprotected@gmail.com\":{\"d\":\"C:\\\\Users\\\\Linda\\\\AppData\\\\Roaming\\\\Mozilla\\\\Fir
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_201608.05._1507_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Sierra On-Line not found
C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\PROGRA~3\VKSaver\VKSaver.exe" deleted
"C:\PROGRA~3\VKSaver\vksaver3.dll" deleted
"C:\PROGRA~3\VKSaver" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}"="C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}" [03. 11. 2015 07:57]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476
88041A1D3DB193614C1DD264CDD7417E - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


Avast Online Security - Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Fix ======================

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_land.pckeeper.software_0.localstorage deleted successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_land.pckeeper.software_0.localstorage-journal deleted successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Linda\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_mozilla-firefox.en.softonic.com_0.localstorage deleted successfully
C:\Users\Linda\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_mozilla-firefox.en.softonic.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID= ... 4D2A-99C7-AD1824EE0386"
"Search Page"="https://www.google.com/search?trackid=s ... earchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/search?trackid=s ... earchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/search?trackid=s ... earchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkID= ... 4D2A-99C7-AD1824EE0386"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
HKCU\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - http://www.bing.com/search?q={searchTer ... DF&pc=MSSE

==== Reset Google Chrome ======================

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Linda\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
C:\Users\Linda\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Linda\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VKSaver deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Linda\AppData\Local\Mozilla\Firefox\Profiles\ah8mozv5.default-1447833134476\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Linda\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=22 folders=3 3833658 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Linda\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Linda\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\VKSaver" not found
"C:\Users\Linda\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKUNP4R5\pagead2.googlesyndication.com" not found
"C:\Users\Linda\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKUNP4R5\static.muzu.tv" not found
"C:\Users\Linda\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKUNP4R5\tag.kineto.hiro.tv" not found

==== EOF on ne 08. 05. 2016 at 15:22:49,11 ======================





Now?
Thank you.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: modifierBrowser.

#9 Post by Márty84 »

eugenija wrote: I have two files in Minidump and I can't do anything at all with them, let alone upload them.
Try copying them to the desktop first. From there it should be possible to work with them.


:!: If you haven't already, please back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
While the scan is running, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine
If you have a question that is not intended for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

eugenija
Visitor
Posts: 14
Registered: 30 Apr 2016 13:39

Re: modifierBrowser.

#10 Post by eugenija »

I can't work with them from the desktop or in any other way, not even if I change the permissions. It keeps telling me that I don't have the right to do anything with them. (minidump)

Besides that, ComboFix sounds quite radical, which is good, but I'm a bit worried, because for the coming week I urgently need to use the computer every day, fully functional with all its programs, and I can't afford for something to stop working, especially since you recommend backing everything up. (Which I have, but what if.)
The previous procedures have already broken a few programs that are quite important to me anyway, so I'd rather ask what you recommend in this situation. I want to get rid of the problem, but I don't have time to reinstall right now (deadline period).
Apart from that, the problem still persists to its original extent; nothing has improved even after all the programs you recommended. :(:(:(
Forgive me, I'd rather ask. I don't want to complicate things, but this is getting on my nerves. I'm sorry. What should I expect next?
So that I can set aside time for it and prepare for possible reinstallations and the like.
Thank you sincerely, and once again, I'm sorry.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: modifierBrowser.

#11 Post by Márty84 »

What am I supposed to write to you about that?

You have malware on your PC. Either we try to remove it, which takes a while, and until it is cleaned out completely the symptoms of the infection will keep appearing, or you leave it there and it will keep spreading and getting worse. The programs and steps I use usually do not destroy any of your programs, unless they are themselves malware or infected. ComboFix looks radical, and it is; it is a powerful tool. The malware may fight back, so there is always a small chance that the system won't survive it, hence the recommendation to back up. Besides, one should back up all the time, even when nothing is wrong with the PC. Afterwards it tends to be too late.

So it is up to you whether you decide to continue or put it off for, say, that week...
It's pretty much all the same to me, I look in here every day and either there will be a log here or there won't :-)

eugenija
Visitor
Posts: 14
Registered: 30 Apr 2016 13:39

Re: modifierBrowser.

#12 Post by eugenija »

Hello,
thank you for your understanding.
I can't get to the minidump even when it is on the desktop.
I'm posting the ComboFix log here.
ComboFix 16-05-18.01 - Linda . 05. 2016 22:54:12.1.2 - x64
Microsoft Windows 7 Professional N 6.1.7601.1.1250.421.1051.18.3980.1987 [GMT 2:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Launch VKSaver.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Readme.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Uninstall.lnk
c:\programdata\Roaming
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2016-04-21 to 2016-05-21 )))))))))))))))))))))))))))))))
.
.
2016-05-21 21:05 . 2016-05-21 21:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-05-21 21:05 . 2016-05-21 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-21 20:48 . 2016-05-17 22:56 11898512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1453F7A-A88F-4689-BFF1-E6536EF9A0A5}\mpengine.dll
2016-05-19 19:55 . 2016-05-09 10:10 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FD2C98C-5ACD-493C-AB97-3BEEF65A9257}\gapaengine.dll
2016-05-19 19:54 . 2016-04-20 01:13 11695896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-11 12:02 . 2016-04-23 17:08 394960 ----a-w- c:\windows\system32\iedkcs32.dll
2016-05-11 12:01 . 2016-04-09 07:01 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-11 12:00 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-05-11 12:00 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-05-08 17:02 . 2016-05-08 17:02 -------- d-----w- c:\programdata\ALM
2016-05-08 16:10 . 2016-05-08 16:10 -------- d-----w- c:\program files (x86)\My Company Name
2016-05-08 13:16 . 2016-05-08 12:36 24064 ----a-w- c:\windows\zoek-delete.exe
2016-05-08 13:16 . 2016-05-21 21:05 -------- d-----w- c:\users\Linda\AppData\Local\Temp
2016-05-08 12:36 . 2016-05-08 13:11 -------- d-----w- C:\zoek_backup
2016-05-02 16:06 . 2016-05-02 16:07 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-02 16:05 . 2016-05-02 16:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-02 16:05 . 2016-05-02 16:05 -------- d-----w- c:\programdata\Malwarebytes
2016-05-02 16:05 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-02 16:05 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-02 16:05 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-02 10:38 . 2016-05-02 10:42 -------- d-----w- C:\AdwCleaner
2016-04-30 14:21 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2016-04-30 12:16 . 2016-04-30 12:20 -------- d-----w- c:\program files\trend micro
2016-04-30 12:16 . 2016-04-30 12:17 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-13 13:05 . 2013-07-20 23:15 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-13 13:05 . 2013-07-20 23:15 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-11 21:09 . 2013-07-17 16:46 139319312 ----a-w- c:\windows\system32\MRT.exe
2016-05-09 10:10 . 2013-09-18 22:15 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-04-22 07:57 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-09 06:58 . 2016-05-11 12:01 344064 ----a-w- c:\windows\system32\schannel.dll
2016-04-09 06:58 . 2016-05-11 12:01 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-04-09 06:54 . 2016-05-11 12:01 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-04-09 06:54 . 2016-05-11 12:01 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-04-09 06:54 . 2016-05-11 12:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-18 19:38 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-18 19:38 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-18 19:38 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-18 19:38 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-18 19:39 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-18 19:39 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-18 19:38 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-18 19:38 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-18 19:38 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-18 19:38 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-18 19:40 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 19:40 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 19:40 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-18 19:40 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-18 19:40 106496 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-18 19:40 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-03-06 18:53 . 2016-04-18 19:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-18 19:39 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-18 19:39 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-18 19:39 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\Linda\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-07-06 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-07-17 178848]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor;c:\program files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe;c:\program files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 06:36 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-14 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-13 13:05]
.
2016-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20 13:05]
.
2016-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-28 12:04]
.
2016-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-28 12:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-31 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-31 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-31 441152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-30 13192848]
"ASUSQuickGesture(x86)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe" [2012-09-11 20352]
"ASUSTPLoader(x64)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe" [2012-09-11 169856]
"ASUSQuickGesture(x64)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe" [2012-09-11 22400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 1340192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-AU11_is1 - c:\program files (x86)\Innovative Solutions\Advanced Uninstaller PRO\unins000.exe
AddRemove-Samsung Printer Live Update - c:\program files (x86)\SamsungPrinterLiveUpdateInstaller\uninstall.exe
AddRemove-VKSaver - c:\programdata\VKSaver\VKSaver.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:31,08,a8,23,7f,38,a4,e9,8e,38,64,70,a3,8c,f8,50,60,e8,41,34,2b,
de,08,10,71,b0,e9,ea,69,39,a8,9c,02,b9,01,d5,e9,e0,cc,c1,85,3f,11,b3,6a,4f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-05-21 23:09:17
ComboFix-quarantined-files.txt 2016-05-21 21:09
.
Pre-Run: 66 109 685 760 bytes free
Post-Run: 65 615 613 952 bytes free
.
- - End Of File - - 6A6A50C1DFD525B739C272B30C5D7F64
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: modifierBrowser.

#13 Post by Márty84 »

:???: Did a blue screen appear again?


:arrow: Open Notepad and copy this script into it

Code: Select all

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"=-
"SwitchBoard"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate
NAUpdate

Reboot::

In the top left, click File.
Click Save as...
Type the name shown in red, CFScript, correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Drag this newly created text document onto the ComboFix icon with the mouse and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

eugenija
Visitor
Posts: 14
Registered: 30 Apr 2016 13:39

Re: modifierBrowser.

#14 Post by eugenija »

There was no blue screen; after the first ComboFix run it did not even restart the computer, so I did that manually afterwards.
This is the second log:

ComboFix 16-05-18.01 - Linda . 05. 2016 9:26.2.2 - x64
Microsoft Windows 7 Professional N 6.1.7601.1.1250.421.1051.18.3980.2588 [GMT 2:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
Command switches used :: c:\users\Linda\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-04-22 to 2016-05-22 )))))))))))))))))))))))))))))))
.
.
2016-05-22 07:34 . 2016-05-22 07:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-05-22 07:34 . 2016-05-22 07:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-21 20:48 . 2016-05-17 22:56 11898512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1453F7A-A88F-4689-BFF1-E6536EF9A0A5}\mpengine.dll
2016-05-19 19:55 . 2016-05-09 10:10 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FD2C98C-5ACD-493C-AB97-3BEEF65A9257}\gapaengine.dll
2016-05-19 19:54 . 2016-04-20 01:13 11695896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-11 12:02 . 2016-04-23 17:08 394960 ----a-w- c:\windows\system32\iedkcs32.dll
2016-05-11 12:01 . 2016-04-09 07:01 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-11 12:00 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-05-11 12:00 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-05-08 17:02 . 2016-05-08 17:02 -------- d-----w- c:\programdata\ALM
2016-05-08 16:10 . 2016-05-08 16:10 -------- d-----w- c:\program files (x86)\My Company Name
2016-05-08 13:16 . 2016-05-08 12:36 24064 ----a-w- c:\windows\zoek-delete.exe
2016-05-08 13:16 . 2016-05-22 07:34 -------- d-----w- c:\users\Linda\AppData\Local\Temp
2016-05-08 12:36 . 2016-05-08 13:11 -------- d-----w- C:\zoek_backup
2016-05-02 16:06 . 2016-05-02 16:07 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-02 16:05 . 2016-05-02 16:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-02 16:05 . 2016-05-02 16:05 -------- d-----w- c:\programdata\Malwarebytes
2016-05-02 16:05 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-02 16:05 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-02 16:05 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-02 10:38 . 2016-05-02 10:42 -------- d-----w- C:\AdwCleaner
2016-04-30 14:21 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2016-04-30 12:16 . 2016-04-30 12:20 -------- d-----w- c:\program files\trend micro
2016-04-30 12:16 . 2016-04-30 12:17 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-13 13:05 . 2013-07-20 23:15 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-13 13:05 . 2013-07-20 23:15 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-11 21:09 . 2013-07-17 16:46 139319312 ----a-w- c:\windows\system32\MRT.exe
2016-05-09 10:10 . 2013-09-18 22:15 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-04-22 07:57 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-09 06:58 . 2016-05-11 12:01 344064 ----a-w- c:\windows\system32\schannel.dll
2016-04-09 06:58 . 2016-05-11 12:01 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-04-09 06:54 . 2016-05-11 12:01 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-04-09 06:54 . 2016-05-11 12:01 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-04-09 06:54 . 2016-05-11 12:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-18 19:38 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-18 19:38 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-18 19:38 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-18 19:38 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-18 19:39 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-18 19:39 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-18 19:38 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-18 19:38 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-18 19:38 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-18 19:38 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-18 19:40 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 19:40 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 19:40 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-18 19:40 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-18 19:40 106496 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-18 19:40 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-03-06 18:53 . 2016-04-18 19:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-18 19:39 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-18 19:39 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-18 19:39 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\Linda\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-07-06 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-07-17 178848]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor;c:\program files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe;c:\program files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-21 21:31 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-21 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-13 13:05]
.
2016-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20 13:05]
.
2016-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-21 21:30]
.
2016-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-21 21:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-31 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-31 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-31 441152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-30 13192848]
"ASUSQuickGesture(x86)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe" [2012-09-11 20352]
"ASUSTPLoader(x64)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe" [2012-09-11 169856]
"ASUSQuickGesture(x64)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe" [2012-09-11 22400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 1340192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-AU11_is1 - c:\program files (x86)\Innovative Solutions\Advanced Uninstaller PRO\unins000.exe
AddRemove-Samsung Printer Live Update - c:\program files (x86)\SamsungPrinterLiveUpdateInstaller\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:31,08,a8,23,7f,38,a4,e9,8e,38,64,70,a3,8c,f8,50,60,e8,41,34,2b,
de,08,10,71,b0,e9,ea,69,39,a8,9c,02,b9,01,d5,e9,e0,cc,c1,85,3f,11,b3,6a,4f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2016-05-22 09:44:13 - machine was rebooted
ComboFix-quarantined-files.txt 2016-05-22 07:44
ComboFix2.txt 2016-05-21 21:09
.
Pre-Run: 66 533 675 008 bytes free
Post-Run: 66 230 325 248 bytes free
.
- - End Of File - - 0EB5989003C3F1400CCE3B412EE34B53
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: modifierBrowser.

#15 Post by Márty84 »

Hm, strange, CF didn't delete anything.

Let's try another way....

:arrow: Post logs following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it may block the tool as malicious, but we use it all the time, it is a false positive :)
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Locked