Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

adware/malware potíže

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
zuzuzu
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 24 úno 2017 11:42

adware/malware potíže

#1 Příspěvek od zuzuzu »

Dobrý den, dnes jsem nedávalo pozor při instalaci programu, a počítač se mi zaplnil adware/malware.
Myslím, že nejhoršího jsem se zbavila skrze použití malwarebytes,
ale i tak moc prosím o kontrolu jestli tam někde něco nezůstalo
(nejdou mi například smazat některé nově vytvořené složky).
Mockrát děkuji!

log z rsit

část1:

Logfile of random's system information tool 1.15 (written by random/random)
Run by zuzu at 2017-02-24 12:12:03
Microsoft Windows 10 Home
System drive C: has 56 GB (26%) free of 219 GB
Total RAM: 3956 MB (34% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:08, on 24/02/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\syswow64\backgroundTaskHost.exe
C:\Program Files\trend micro\zuzu_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [KakaoTalk] "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
O4 - HKCU\..\Run: [msiql] C:\Users\Toshiba\AppData\Local\Temp\00016292\msiql.exe /RUNNING
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Amazon Assistant Service - Unknown owner - C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: GoogleChromeUpService - Unknown owner - C:\ProgramData\service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12850 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\10L3620z1997c265\10L3620z1997c265.dll",LzcxHEfH
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-76d332b2-3118-49ae-b0b2-150ad1be79f5 -SystemEventPortName:HostProcess-611a6940-7879-4cc0-93c1-2c35f43e9803 -IoCancelEventPortName:HostProcess-20e977ae-80c4-4d9a-abde-d1e5d72f40c4 -NonStateChangingEventPortName:HostProcess-75efe271-8411-4a5d-b2dc-e4fb52afce68 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:bc641774-836b-4a00-8a02-abceeed9cfd9 -DeviceGroupId:WpdFsGroup
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session -first
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\AUDIODG.EXE 0x284
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe"
C:\WINDOWS\SysWoW64\svchost.exe -k hpdevmgmt
C:\WINDOWS\SysWoW64\svchost.exe -k kuaizipupdatesvc
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\mqsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51495 /local:br
C:\Windows\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 4b6c61a4-2212-4e97-b7f3-8b084713d075 1
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
C:\WINDOWS\system32\taskhostw.exe
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\System32\smartscreen.exe -Embedding
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 640 644 652 8192 648
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
"C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe"
"C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F2400 series#1476884992" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
C:\WINDOWS\system32\fontdrvhost.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=56.0.2924.87 --initial-client-data=0x35c,0x340,0x344,0x358,0x360,0x73477598,0x734775bc,0x734775a4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=6888 --on-initialized-event-handle=968 --parent-handle=972 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsInterventionV2/Default/ --primordial-pipe-token=6962771533106B15328BDCB04AFC712F --lang=en-GB --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=6962771533106B15328BDCB04AFC712F --renderer-client-id=3 --mojo-platform-channel-handle=2972 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsInterventionV2/Default/ --primordial-pipe-token=32DFAC09C17916E2D00A0347FFF6C517 --lang=en-GB --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=32DFAC09C17916E2D00A0347FFF6C517 --renderer-client-id=4 --mojo-platform-channel-handle=2956 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=25D8A49245EA9EF21ACA3474158C1CF4 --lang=en-GB --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=25D8A49245EA9EF21ACA3474158C1CF4 --renderer-client-id=14 --mojo-platform-channel-handle=5156 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=31C672B549816FE0F1E1BA5D9B0DD582 --lang=en-GB --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=31C672B549816FE0F1E1BA5D9B0DD582 --renderer-client-id=15 --mojo-platform-channel-handle=5588 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=65F06DE9F68CF97E58A927E41E763A74 --lang=en-GB --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=65F06DE9F68CF97E58A927E41E763A74 --renderer-client-id=11 --mojo-platform-channel-handle=5884 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=5C687C3A7580AA5C07F26E51F64A56B8 --lang=en-GB --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=5C687C3A7580AA5C07F26E51F64A56B8 --renderer-client-id=10 --mojo-platform-channel-handle=6504 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=A0B1FF9BFEC95101166199BA9A6C2E50 --lang=en-GB --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=A0B1FF9BFEC95101166199BA9A6C2E50 --renderer-client-id=9 --mojo-platform-channel-handle=6920 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=78441FBA0053E2CC67175EAE674761F6 --lang=en-GB --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=78441FBA0053E2CC67175EAE674761F6 --renderer-client-id=19 --mojo-platform-channel-handle=7416 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=92B62D57FAB3BBFF6107855BB12E1A96 --lang=en-GB --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=92B62D57FAB3BBFF6107855BB12E1A96 --renderer-client-id=8 --mojo-platform-channel-handle=7720 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=353DA55B5E3BB4CDB1DA07221963AD12 --lang=en-GB --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=353DA55B5E3BB4CDB1DA07221963AD12 --renderer-client-id=12 --mojo-platform-channel-handle=7220 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=914759F9D9BA3D646D3081531FAB9B52 --lang=en-GB --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=914759F9D9BA3D646D3081531FAB9B52 --renderer-client-id=13 --mojo-platform-channel-handle=6156 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled_SEI/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*QUIC/EnabledInitialReceiveWindow1MBJanuary/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_Stable_50/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Control20170103/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1" --gpu-driver-bug-workarounds=7,19,20,23,40,71 --gpu-vendor-id=0x10de --gpu-device-id=0x0a7a --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.4201 --gpu-driver-date=11-14-2016 --service-request-channel-token=994D59327C039017B5EBC51B34F2ADED --mojo-platform-channel-handle=3520 --ignored=" --type=renderer " /prefetch:2
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
"C:\WINDOWS\syswow64\backgroundTaskHost.exe" -ServerName:App.AppXkq9cej4n2ns798m84ss4d51m782errab.mca
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7912.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17012.10301.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 1 /status on true
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
"C:\Users\Toshiba\Downloads\Programs\RSITx64.exe"

====== Scheduled tasks folder ======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Uninstaller_SkipUac_zuzu.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
C:\WINDOWS\tasks\update-S-1-5-21-1566398034-136460071-2575209188-1000.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\WINDOWS\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\WINDOWS\system32\tasks\10L3620z1997c265 - C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\10L3620z1997c265\10L3620z1997c265.dll",LzcxHEfH
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\DistromaticUpdater-logon - C:\Program Files (x86)\Amazon Browser Settings\updater.exe --launcher=logon-task
C:\WINDOWS\system32\tasks\DistromaticUpdater-periodic - C:\Program Files (x86)\Amazon Browser Settings\updater.exe --launcher=periodic-task
C:\WINDOWS\system32\tasks\Driver Booster Scheduler - C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe /scheduler
C:\WINDOWS\system32\tasks\Driver Booster SkipUAC (Toshiba) - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac
C:\WINDOWS\system32\tasks\Driver Booster SkipUAC (zuzu) - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\Hybrid - C:\IORRT\IORRT.bat
C:\WINDOWS\system32\tasks\IORRT - C:\IORRT\IORRT.bat
C:\WINDOWS\system32\tasks\KuaiZip_Update - C:\PROGRA~1\F85A~1\X86\Update.exe
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\Uninstaller_SkipUac_zuzu - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
C:\WINDOWS\system32\tasks\update-S-1-5-21-1566398034-136460071-2575209188-1000 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\WINDOWS\system32\tasks\update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe LogonDisplay
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\WINDOWS\system32\MRT.exe /EHB /Q
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\VCore - C:\\ProgramData\\vCore\\VCore.exe /check
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan - c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges

=========Mozilla firefox=========

ProfilePath - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\c6b01l9o.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\c6b01l9o.default\addons.json
Firefox Hello Beta (discontinued) - extension - loop@mozilla.org
Amazon Assistant for Firefox - extension - abb@amazon.com
Ant Video Downloader - extension - anttoolbar@ant.com

C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\c6b01l9o.default\extensions.json
HP Smart Web Printing - extension - smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
HP Smart Web Printing - extension - smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Amazon Assistant for Firefox - extension - abb@amazon.com - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\c6b01l9o.default\extensions\abb@amazon.com.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Firefox Hello - extension - loop@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\loop@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\c6b01l9o.default\pluginreg.dat
Plugin - AdobeAAMDetect - 1.0.0.0 - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
Plugin - Adobe Acrobat - 15.17.20050.61080 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - Google Update - 1.3.31.5 - C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
Plugin - Photo Gallery - 16.4.3528.331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.50428.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll
Plugin - Java(TM) Platform SE 8 U91 - 11.91.2.15 - C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.910.15 - 11.91.2.15 - C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
Naposledy upravil(a) zuzuzu dne 24 úno 2017 12:16, celkem upraveno 1 x.
Nahoru
zuzuzu
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 24 úno 2017 11:42

Re: adware/malware potíže

#2 Příspěvek od zuzuzu »

část 2

=========Google Chrome=========

C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 0 Google Slides 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aiimdkdngfcipjohbjenkahhlhccpdbc 0 Flash Video Downloader 27.1.1
Extension aohghmighlieiainnegkcijnfilokake 0 Google Docs 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Google Drive 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.60
Extension deffladknimiikkjgkammfpiicnnjpfh
Extension dnhpdliibojhegemfjheidglijccjfmc 1 hotword helper 0.0.2.0
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 2 Adobe Acrobat 15.1.0.3
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 0 Google Sheets 1.1
Extension fjnbnpbmkenffdnngjfgmeleoegfcffe 1 Stylish - Custom themes for any website 1.7.4
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 0 Google Docs Offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.8.7
Extension inobiceghmpkaklcknpniboilbjmlald 1 New XKit 7.7.1
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension laankejkbhbdhmipfmgcngdelahlfoji 0 StayFocusd 1.5.7
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension mihcahmgecmbnbcchbopgniflfhgnkff 1 Google Mail Checker 4.4.0
Extension nbpagnldghgfoolbancepceaanlmhfmd 1 Hotword triggering 0.0.1.4
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension ngpampappnmepgilojfohadhhmbhlaek 0 IDM Integration Module 6.27
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Chrome Web Store Payments 1.0.0.1
Extension oicmebkahbifjickpgjmdegihaekkiih 1 ThemeBeta.com 1
Extension pafkbggdmjlpgkdkcbjmhmfcdpncadgh 1 Google Now 1.2.0.1
Extension pbjikboenpfhbbejgkoklgkhjpfogcam 2 Amazon Assistant for Chrome 10.1602.8.800
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage:
default_search_provider.search_url:
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek]
"Path"=C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08 500760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08 434712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-11-28 16696832]
"TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2012-03-16 989056]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2012-03-02 595840]
"BatteryManager"=C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [2011-11-24 286632]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-09-25 631808]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-06-29 2585744]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2015-06-29 1514528]
"Wondershare Helper Compact.exe"=C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe []
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2017-01-20 2780112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2015-07-24 2895552]
"OneDrive"=C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-01-27 1517280]
"KakaoTalk"=C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [2017-02-20 7757120]
"msiql"=C:\Users\Toshiba\AppData\Local\Temp\00016292\msiql.exe /RUNNING []
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2016-06-10 3948600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"=C:\WINDOWS\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TOSDCR"=C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe []
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5.5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
"Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2016-07-11 225944]
"Wondershare Helper Compact.exe"=C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2016-10-08 2137744]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-02-24 11:36:22 ----A---- C:\WINDOWS\system32\drivers\MBAMChameleon.sys
2017-02-24 11:36:04 ----A---- C:\WINDOWS\system32\drivers\farflt.sys
2017-02-24 11:36:03 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2017-02-24 11:35:56 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2017-02-24 11:35:48 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2017-02-24 11:35:28 ----A---- C:\WINDOWS\system32\drivers\mbae64.sys
2017-02-24 11:35:17 ----D---- C:\ProgramData\Malwarebytes
2017-02-24 11:35:17 ----D---- C:\Program Files\Malwarebytes
2017-02-24 11:01:45 ----D---- C:\Users\Toshiba\AppData\Roaming\IDM
2017-02-24 10:58:24 ----D---- C:\Program Files (x86)\Internet Download Manager
2017-02-24 10:56:07 ----SHD---- C:\ProgramData\WindowsMsg
2017-02-24 10:55:37 ----D---- C:\Users\Toshiba\AppData\Roaming\KuaiZip
2017-02-24 10:55:37 ----A---- C:\WINDOWS\system32\drivers\KuaiZipDrive.sys
2017-02-24 10:55:36 ----D---- C:\Users\Toshiba\AppData\Roaming\Softlink
2017-02-24 10:55:21 ----D---- C:\Program Files\¿ìѹ
2017-02-24 10:55:10 ----D---- C:\Users\Toshiba\AppData\Roaming\UCChannel
2017-02-24 10:54:34 ----A---- C:\ProgramData\service.exe
2017-02-24 10:54:09 ----HD---- C:\ProgramData\10L3620z1997c265
2017-02-24 10:53:54 ----D---- C:\ProgramData\vCore
2017-02-03 16:36:30 ----D---- C:\ProgramData\IDM
2017-02-03 16:36:29 ----D---- C:\Users\Toshiba\AppData\Roaming\DMCache
2017-01-25 20:01:06 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2017-01-25 20:01:06 ----A---- C:\WINDOWS\system32\poqexec.exe

====== List of files/folders modified in the last 1 month ======

2017-02-24 12:12:09 ----D---- C:\WINDOWS\Prefetch
2017-02-24 12:12:08 ----D---- C:\Program Files\trend micro
2017-02-24 12:08:56 ----D---- C:\WINDOWS\system32\Tasks
2017-02-24 12:05:38 ----D---- C:\WINDOWS\Temp
2017-02-24 12:05:33 ----D---- C:\Program Files (x86)\Amazon Browser Settings
2017-02-24 12:02:52 ----D---- C:\WINDOWS\system32\sru
2017-02-24 12:02:11 ----D---- C:\WINDOWS\system32\catroot2
2017-02-24 11:53:38 ----D---- C:\Users\Toshiba\AppData\Roaming\uTorrent
2017-02-24 11:36:22 ----D---- C:\WINDOWS\system32\drivers
2017-02-24 11:35:17 ----RD---- C:\Program Files
2017-02-24 11:35:17 ----HD---- C:\ProgramData
2017-02-24 11:31:55 ----D---- C:\Program Files (x86)
2017-02-24 11:30:32 ----RSD---- C:\WINDOWS\Fonts
2017-02-24 11:30:10 ----SHD---- C:\WINDOWS\Installer
2017-02-24 11:30:10 ----HD---- C:\Config.Msi
2017-02-24 11:28:44 ----D---- C:\Users\Toshiba\AppData\Roaming\Andy
2017-02-24 11:28:09 ----D---- C:\Program Files (x86)\Common Files
2017-02-24 11:28:08 ----D---- C:\Program Files\Common Files
2017-02-24 11:28:05 ----D---- C:\WINDOWS\INF
2017-02-24 11:28:04 ----D---- C:\WINDOWS\system32\DriverStore
2017-02-24 11:27:46 ----D---- C:\WINDOWS\SysWOW64
2017-02-24 11:27:46 ----D---- C:\WINDOWS\System32
2017-02-24 11:23:32 ----D---- C:\WINDOWS\system32\SleepStudy
2017-02-24 08:42:39 ----D---- C:\WINDOWS\AppReadiness
2017-02-24 08:40:46 ----RD---- C:\WINDOWS\Microsoft.NET
2017-02-24 08:23:26 ----HD---- C:\Program Files\WindowsApps
2017-02-23 15:21:58 ----D---- C:\WINDOWS\system32\MRT
2017-02-23 15:16:25 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-02-23 10:11:55 ----D---- C:\WINDOWS\system32\config
2017-02-23 10:04:47 ----D---- C:\WINDOWS\WinSxS
2017-02-22 18:34:29 ----D---- C:\WINDOWS\CbsTemp
2017-02-22 09:41:53 ----D---- C:\ProgramData\ProductData
2017-02-21 21:50:29 ----SHD---- C:\System Volume Information
2017-02-18 14:31:00 ----D---- C:\Program Files (x86)\Amazon
2017-02-14 17:00:23 ----D---- C:\Users\Toshiba\AppData\Roaming\vlc
2017-02-06 20:48:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2017-01-29 19:14:59 ----D---- C:\WINDOWS\system32\CatRoot
2017-01-25 19:54:10 ----D---- C:\Windows

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R0 MBAMSwissArmy;MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2017-02-24 251848]
R1 dtsoftbus01;@oem35.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2015-02-08 283064]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\WINDOWS\system32\drivers\mbae64.sys [2017-01-20 77416]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-01-25 26528]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 IDMWFP;IDMWFP; C:\WINDOWS\system32\DRIVERS\idmwfp.sys [2016-05-24 207928]
R2 KuaiZipDrive;KuaiZipDrive; \??\C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [2017-02-24 92832]
R2 MBAMChameleon;MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [2017-02-24 176584]
R3 athr;@oem44.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athw10x.sys [2016-12-14 4317112]
R3 HECIx64;@oem22.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface; C:\WINDOWS\System32\drivers\HECIx64.sys [2009-09-18 56344]
R3 MBAMFarflt;MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [2017-02-24 110536]
R3 MBAMProtection;MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [2017-02-24 43968]
R3 MBAMWebProtection;MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [2017-02-24 91584]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-09-25 175616]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2016-12-09 12914360]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-06-29 19600]
R3 nvvad_WaveExtensible;@oem89.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2017-01-19 46016]
R3 PGEffect;Pangu effect driver; C:\WINDOWS\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
R3 rt640x64;@oem76.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-12-14 946696]
R3 SynTP;@oem23.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2016-11-11 853096]
R3 Thotkey;@oem13.inf,%Thotkey%;Toshiba Hotkey Driver; C:\WINDOWS\System32\drivers\Thotkey.sys [2016-11-11 52816]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2017-01-08 608664]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-09-25 114176]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2016-10-05 128512]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-09-25 84992]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 dot4;@oem11.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2015-09-11 151968]
S3 Dot4Print;@oem20.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\drivers\Dot4Prt.sys [2015-09-11 27040]
S3 dot4usb;@oem11.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2015-09-11 49056]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-09-25 73568]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-07-16 183808]
S3 RTSUER;@oem31.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2016-11-28 418784]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 Amazon Assistant Service;Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [2017-02-17 100528]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; %windir%\system32\svchost.exe -k apphost;"ServiceDll" = %windir%\system32\inetsrv\apphostsvc.dll
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CDPUserSvc_574b6;CDPUserSvc_574b6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-06-29 1148560]
R2 GoogleChromeUpService;GoogleChromeUpService; C:\ProgramData\service.exe [2017-02-24 1620992]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\syswow64\svchost.exe [2016-07-16 38792]
R2 KuaizipUpdateChecker;KuaizipUpdateChecker; %SystemRoot%\System32\svchost.exe -k kuaizipupdatesvc;"ServiceDll" = C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-07-29 2909472]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-01-20 4355024]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-09-25 26112]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe -k HPZ12;"ServiceDll" = C:\Windows\system32\HPZinw12.dll
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-06-29 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-06-29 21833360]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-11-14 932728]
R2 OneSyncSvc_574b6;Sync Host_574b6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe -k HPZ12;"ServiceDll" = C:\Windows\system32\HPZipm12.dll
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-11-11 252008]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\syswow64\svchost.exe [2016-07-16 38792]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PimIndexMaintenanceSvc_574b6;Contact Data_574b6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_574b6;MessagingService_574b6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-08-17 146888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-07-24 838336]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-07-16 52920]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118254
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: adware/malware potíže

#3 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
zuzuzu
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 24 úno 2017 11:42

Re: adware/malware potíže

#4 Příspěvek od zuzuzu »

tady je ;_;

# AdwCleaner v6.043 - Log vytvořen 24/02/2017 v 13:28:45
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-23.4 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : zuzu - TOSHIBA-PC
# Spuštěno z : C:\Users\Toshiba\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: GoogleChromeUpService
[-] Služba smazána: KuaiZipDrive
[-] Služba smazána: KuaizipUpdateChecker


***** [ Složky ] *****

[-] Složka smazána: C:\Users\Toshiba\AppData\Roaming\Kuaizip
[-] Složka smazána: C:\Users\Toshiba\AppData\Roaming\Softlink
[-] Složka smazána: C:\Program Files\¿ìѹ
[-] Složka smazána: C:\ProgramData\WindowsMsg
[-] Složka smazána: C:\ProgramData\vCore
[-] Složka smazána: C:\Program Files (x86)\Amazon Browser Settings
[-] Složka smazána: C:\Users\Toshiba\AppData\Local\svchost


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk
[#] Soubor smazán: C:\WINDOWS\SysNative\drivers\KuaiZipDrive.sys
[-] Soubor smazán: C:\ProgramData\service.exe
[#] Soubor smazán: C:\ProgramData\service.exe
[-] Soubor smazán: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\c6b01l9o.default\extensions\abb@amazon.com.xpi


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: DistromaticUpdater-periodic
[-] Úloha smazána: DistromaticUpdater-logon
[-] Úloha smazána: KuaiZip_Update
[-] Úloha smazána: Microsoft\Windows\Media Center\VCore


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.001
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.002
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.003
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.004
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.005
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.006
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.007
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.008
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.009
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.01
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.010
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.011
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.012
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.013
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.014
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.015
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.016
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.017
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.018
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.019
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.02
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.020
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.021
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.022
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.023
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.024
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.025
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.026
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.027
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.028
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.029
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.03
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.030
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.031
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.032
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.033
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.034
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.035
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.036
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.037
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.038
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.039
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.04
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.040
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.041
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.042
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.043
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.044
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.045
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.046
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.047
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.048
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.049
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.05
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.050
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.051
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.052
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.053
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.054
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.055
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.056
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.057
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.058
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.059
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.06
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.060
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.061
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.062
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.063
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.064
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.065
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.066
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.067
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.068
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.069
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.07
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.070
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.071
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.072
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.073
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.074
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.075
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.076
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.077
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.078
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.079
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.08
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.080
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.081
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.082
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.083
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.084
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.085
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.086
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.087
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.088
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.089
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.09
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.090
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.091
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.092
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.093
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.094
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.095
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.096
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.097
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.098
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.099
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.7z
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.arj
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.bz2
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.cab
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.gz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.gzip
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.jar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.kz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.lzh
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.mou
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.rar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.rpm
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.tar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.tbz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.tgz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.wim
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.z
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip.zip
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[-] Klíč smazán: HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[-] Klíč smazán: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.001
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.002
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.003
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.004
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.005
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.006
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.007
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.008
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.009
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.01
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.010
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.011
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.012
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.013
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.014
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.015
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.016
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.017
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.018
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.019
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.02
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.020
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.021
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.022
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.023
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.024
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.025
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.026
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.027
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.028
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.029
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.03
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.030
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.031
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.032
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.033
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.034
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.035
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.036
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.037
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.038
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.039
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.04
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.040
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.041
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.042
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.043
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.044
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.045
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.046
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.047
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.048
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.049
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.05
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.050
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.051
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.052
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.053
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.054
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.055
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.056
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.057
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.058
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.059
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.06
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.060
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.061
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.062
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.063
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.064
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.065
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.066
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.067
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.068
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.069
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.07
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.070
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.071
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.072
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.073
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.074
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.075
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.076
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.077
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.078
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.079
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.08
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.080
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.081
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.082
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.083
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.084
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.085
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.086
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.087
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.088
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.089
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.09
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.090
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.091
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.092
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.093
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.094
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.095
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.096
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.097
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.098
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.099
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.7z
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.arj
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.bz2
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.cab
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gz
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gzip
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.jar
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.kz
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.lzh
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.mou
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rar
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rpm
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tar
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tbz
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tgz
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.wim
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.z
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip.zip
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
[-] Klíč smazán: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKU\.DEFAULT\Software\UpgSvr
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\distromatic
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\Installer
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\AutoTime
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\KuaiZip
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\SNDA
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\KuaiZipSFX
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\VideoBox
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\dlr
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\PopWnd
[-] Klíč smazán: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\UpgSvr
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\UpgSvr
[#] Klíč smazán po restartu: HKCU\Software\distromatic
[#] Klíč smazán po restartu: HKCU\Software\Installer
[#] Klíč smazán po restartu: HKCU\Software\AutoTime
[#] Klíč smazán po restartu: HKCU\Software\KuaiZip
[#] Klíč smazán po restartu: HKCU\Software\SNDA
[#] Klíč smazán po restartu: HKCU\Software\KuaiZipSFX
[#] Klíč smazán po restartu: HKCU\Software\VideoBox
[#] Klíč smazán po restartu: HKCU\Software\dlr
[#] Klíč smazán po restartu: HKCU\Software\PopWnd
[#] Klíč smazán po restartu: HKCU\Software\UpgSvr
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant
[#] Klíč smazán po restartu: [x64] HKCU\Software\distromatic
[#] Klíč smazán po restartu: [x64] HKCU\Software\Installer
[#] Klíč smazán po restartu: [x64] HKCU\Software\AutoTime
[#] Klíč smazán po restartu: [x64] HKCU\Software\KuaiZip
[#] Klíč smazán po restartu: [x64] HKCU\Software\SNDA
[#] Klíč smazán po restartu: [x64] HKCU\Software\KuaiZipSFX
[#] Klíč smazán po restartu: [x64] HKCU\Software\VideoBox
[#] Klíč smazán po restartu: [x64] HKCU\Software\dlr
[#] Klíč smazán po restartu: [x64] HKCU\Software\PopWnd
[#] Klíč smazán po restartu: [x64] HKCU\Software\UpgSvr
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
[-] Hodnota smazána: HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] Klíč smazán: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Klíč smazán: HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[#] Klíč smazán po restartu: [x64] HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam


***** [ Prohlížeče ] *****

[-] [C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: pbjikboenpfhbbejgkoklgkhjpfogcam


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [27815 Bajty] - [24/02/2017 13:28:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [25032 Bajty] - [24/02/2017 13:24:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [27963 Bajty] ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118254
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: adware/malware potíže

#5 Příspěvek od Rudy »

Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
zuzuzu
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 24 úno 2017 11:42

Re: adware/malware potíže

#6 Příspěvek od zuzuzu »

tady ;; ještě musím dodat, že mi nejde windows defender, pořád mi to říká 'this application is turned off by group policy'

first.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by zuzu (administrator) on TOSHIBA-PC (24-02-2017 15:43:03)
Running from C:\Users\Toshiba\Desktop
Loaded Profiles: zuzu (Available Profiles: zuzu & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Czech (Czech Republic)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\Toshiba\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-28] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [286632 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-06-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-24] (Valve Corporation)
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [7757120 2017-02-20] (Kakao Corp. )
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\MountPoints2: {6123f7f1-ac52-11e4-b18d-e069959321f1} - "H:\setup.exe"
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0b9b4f96-6d23-4b70-9e03-54f00fcf0104}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{bfa8e98e-6c75-44b1-9e5b-ba75a936a7ea}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-1566398034-136460071-2575209188-1000 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File

FireFox:
========
FF DefaultProfile: c6b01l9o.default
FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\c6b01l9o.default [2016-08-23]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-01-26] [not signed]
FF HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Toshiba\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Toshiba\AppData\Roaming\IDM\idmmzcc5 [2017-02-24] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://tabs.ultimate-guitar.com/b/bts/young_forever_acoustic_crd_1875166id_16092016date.htm
CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Google Slides) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Flash Video Downloader) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-23]
CHR Extension: (Google Docs) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (AdBlock) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-17]
CHR Extension: (New XKit) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-10-11]
CHR Extension: (StayFocusd) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-05-27]
CHR Extension: (Google Mail Checker) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-12-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (ThemeBeta.com) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\oicmebkahbifjickpgjmdegihaekkiih [2016-11-14]
CHR Extension: (Gmail) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-01-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [100528 2017-02-17] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-06-29] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-06-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-06-29] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-01-25] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [252008 2016-11-11] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4317112 2016-12-14] (Qualcomm Atheros Communications, Inc.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2015-09-11] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2015-09-11] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-02-08] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-25] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-24] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-19] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-12-14] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-11-28] (Realsil Semiconductor Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [52816 2016-11-11] (Toshiba Client Solutions Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-01-19] (Wellbia.com Co., Ltd.)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
U3 idsvc; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 15:43 - 2017-02-24 15:45 - 00023650 _____ C:\Users\Toshiba\Desktop\FRST.txt
2017-02-24 15:42 - 2017-02-24 15:43 - 00000000 ____D C:\FRST
2017-02-24 15:41 - 2017-02-24 15:41 - 00112640 _____ (forum.viry.cz) C:\Users\Toshiba\Desktop\FRSTLauncher.exe
2017-02-24 15:41 - 2017-02-24 15:40 - 02423296 _____ (Farbar) C:\Users\Toshiba\Desktop\FRST64.exe
2017-02-24 15:40 - 2017-02-24 15:40 - 02423296 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64.exe
2017-02-24 13:22 - 2017-02-24 13:28 - 00000000 ____D C:\AdwCleaner
2017-02-24 13:21 - 2017-02-24 13:21 - 04015056 _____ C:\Users\Toshiba\Downloads\adwcleaner_6.043.exe
2017-02-24 11:36 - 2017-02-24 15:37 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-24 11:36 - 2017-02-24 13:31 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-24 11:36 - 2017-02-24 13:31 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-24 11:35 - 2017-02-24 13:31 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-24 11:35 - 2017-02-24 13:31 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-24 11:35 - 2017-02-24 11:35 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-24 11:35 - 2017-02-24 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-24 11:35 - 2017-02-24 11:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-24 11:35 - 2017-02-24 11:35 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-24 11:35 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-24 11:01 - 2017-02-24 11:48 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\IDM
2017-02-24 10:58 - 2017-02-24 11:03 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-02-24 10:58 - 2017-02-24 10:58 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-24 10:58 - 2017-02-24 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-24 10:55 - 2017-02-24 10:55 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2017-02-24 10:55 - 2017-02-24 10:55 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\UCChannel
2017-02-24 10:54 - 2017-02-24 12:04 - 00000000 ___HD C:\ProgramData\10L3620z1997c265
2017-02-24 10:54 - 2017-02-24 10:54 - 00016826 _____ C:\WINDOWS\System32\Tasks\10L3620z1997c265
2017-02-17 16:43 - 2017-02-17 16:48 - 747692854 _____ C:\Users\Toshiba\Downloads\Our.Love.Story.2016.720p.HDRip.x264.AAC-indomoviemania.co.mkv
2017-02-03 16:36 - 2017-02-24 12:16 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\DMCache
2017-02-03 16:36 - 2017-02-24 11:56 - 00000000 ____D C:\Users\Toshiba\Downloads\Video
2017-02-03 16:36 - 2017-02-03 16:36 - 00000000 ____D C:\Users\Toshiba\Downloads\Compressed
2017-02-03 16:36 - 2017-02-03 16:36 - 00000000 ____D C:\ProgramData\IDM
2017-01-27 12:33 - 2017-01-27 12:41 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-25 20:01 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 20:01 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 15:31 - 2016-09-25 03:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-24 14:18 - 2015-04-07 13:57 - 00000132 _____ C:\Users\Toshiba\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-02-24 13:34 - 2016-09-25 04:29 - 00003012 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (zuzu)
2017-02-24 13:31 - 2016-11-14 16:42 - 00003320 _____ C:\WINDOWS\System32\Tasks\IORRT
2017-02-24 13:30 - 2016-09-25 04:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-24 13:29 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-24 12:39 - 2015-01-26 19:58 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\uTorrent
2017-02-24 12:12 - 2015-01-25 18:08 - 00000000 ____D C:\Program Files\trend micro
2017-02-24 12:04 - 2016-09-25 03:45 - 04805552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-24 12:01 - 2016-09-25 03:58 - 00000000 ____D C:\Users\Toshiba
2017-02-24 11:28 - 2016-07-21 14:30 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Andy
2017-02-24 11:28 - 2016-07-16 23:25 - 00733136 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-24 11:28 - 2016-07-16 23:25 - 00182970 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-24 11:28 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-24 08:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-24 08:23 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-23 17:18 - 2015-11-22 10:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 15:21 - 2015-01-25 16:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 15:16 - 2015-01-25 16:50 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 23:36 - 2016-01-28 13:32 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Last.fm
2017-02-22 18:34 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 10:20 - 2016-08-23 11:12 - 00000000 ____D C:\Users\Toshiba\Documents\Lightshot
2017-02-22 09:41 - 2015-01-25 19:41 - 00000000 ____D C:\ProgramData\ProductData
2017-02-22 09:22 - 2015-08-07 11:25 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Packages
2017-02-21 19:55 - 2016-09-07 12:50 - 00000000 ____D C:\Users\Toshiba\Desktop\hd
2017-02-20 19:57 - 2016-03-15 00:21 - 00000000 ____D C:\Users\Toshiba\Documents\Anki
2017-02-19 18:02 - 2016-06-30 16:05 - 00000000 ____D C:\Users\Toshiba\Documents\Capture
2017-02-19 18:01 - 2015-04-07 13:30 - 00001456 _____ C:\Users\Toshiba\AppData\Local\Adobe Save for Web 12.0 Prefs
2017-02-19 13:38 - 2016-04-14 20:03 - 00000000 ____D C:\Users\Toshiba\Documents\KakaoTalk Downloads
2017-02-18 18:49 - 2015-01-31 21:45 - 00000000 ____D C:\Users\Toshiba\Desktop\Nová složka
2017-02-18 14:31 - 2016-03-27 00:59 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-14 17:00 - 2015-02-02 23:30 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\vlc
2017-02-07 19:15 - 2015-12-24 18:40 - 00000000 ___RD C:\Users\Toshiba\Documents\books
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 20:27 - 2015-01-25 16:09 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-27 12:41 - 2015-08-07 11:31 - 00002409 _____ C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 12:41 - 2015-08-07 11:31 - 00000000 ___RD C:\Users\Toshiba\OneDrive

==================== Files in the root of some directories =======

2015-04-07 13:57 - 2017-02-24 14:18 - 0000132 _____ () C:\Users\Toshiba\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-04-07 13:30 - 2017-02-19 18:01 - 0001456 _____ () C:\Users\Toshiba\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-08-23 11:11 - 2016-08-23 11:11 - 0000003 _____ () C:\Users\Toshiba\AppData\Local\updater.log
2016-08-23 11:11 - 2016-08-23 11:11 - 0000424 _____ () C:\Users\Toshiba\AppData\Local\UserProducts.xml
2017-01-16 19:33 - 2017-01-16 19:33 - 0004973 _____ () C:\ProgramData\czchsjpj.srw
2015-01-26 14:00 - 2016-10-19 14:51 - 0008990 _____ () C:\ProgramData\hpzinstall.log
2017-01-16 19:33 - 2017-01-16 19:33 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-02-24 10:53 - 2017-02-24 10:53 - 0856148 _____ ( ) C:\Users\Toshiba\AppData\Local\Temp\AutoTime51495.exe
2017-02-21 00:13 - 2017-02-03 16:45 - 0389765 _____ () C:\Users\Toshiba\AppData\Local\Temp\IDM Patch Uninstaller.exe
2016-12-23 09:09 - 2016-12-23 09:09 - 0737856 _____ (Oracle Corporation) C:\Users\Toshiba\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 14:53 - 2017-01-19 14:53 - 0739904 _____ (Oracle Corporation) C:\Users\Toshiba\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-24 10:53 - 2017-02-24 10:53 - 0286720 _____ () C:\Users\Toshiba\AppData\Local\Temp\offerpg3.exe
2017-02-24 11:03 - 2016-07-19 21:14 - 1328792 _____ (Andy OS, inc.) C:\Users\Toshiba\AppData\Local\Temp\RemoveTemp.exe
2017-02-24 11:23 - 2017-02-24 11:23 - 0210840 _____ () C:\Users\Toshiba\AppData\Local\Temp\Rho.exe
2017-02-24 10:53 - 2017-02-24 10:53 - 1199825 _____ () C:\Users\Toshiba\AppData\Local\Temp\unins000.exe
2017-02-24 10:53 - 2017-02-24 10:53 - 1239469 _____ (VideoBox ) C:\Users\Toshiba\AppData\Local\Temp\videobox.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_zuzu.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1566398034-136460071-2575209188-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Toshiba\Desktop" je 985 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================


addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by zuzu (24-02-2017 15:46:18)
Running from C:\Users\Toshiba\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-25 03:34:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1566398034-136460071-2575209188-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1566398034-136460071-2575209188-503 - Limited - Disabled)
Guest (S-1-5-21-1566398034-136460071-2575209188-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1566398034-136460071-2575209188-1002 - Limited - Enabled)
zuzu (S-1-5-21-1566398034-136460071-2575209188-1000 - Administrator - Enabled) => C:\Users\Toshiba

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{C8D184AC-D6E2-411E-838C-468CB0E91DBF}) (Version: 10.17.0216 - Amazon) <==== ATTENTION
Anki (HKLM-x32\...\Anki) (Version: - )
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Black Desert Character Creator (HKLM-x32\...\{83AC6E37-6497-4A01-BB5D-AA845BA08832}) (Version: 1.0.0.2 - Daum Games EU)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{B1A4D7FA-D994-4304-8A31-D68ECF2B813D}) (Version: 2.47.0 - Kovid Goyal)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
F2400 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
IDM Crack 6.25 build 20 (HKLM-x32\...\IDM Crack 6.25 build 20) (Version: build 21 - Crackingpatching.com Team)
Inside (HKLM-x32\...\{9BD4503F-F711-491D-984A-AB4ABD66B8C2}_is1) (Version: - Playdead)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.5.3.1451 - Kakao Corp.)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Movavi Video Suite 15 (HKLM-x32\...\Movavi Video Suite 15) (Version: 15.4.0 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 cs)) (Version: 48.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version: - No More Room in Hell Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Potplayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.5.21 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{CA3866DF-E8BB-4C27-A13C-49926C3C2C02}) (Version: 6.1.6.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0130.640204 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tropico 4 Collectors Bundle (HKLM-x32\...\Tropico 4 Collectors Bundle_is1) (Version: - )
Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.58 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{594AFF44-AE13-4CCE-B0CA-A48E56289502}) (Version: 2.8.1605.3142 - SplitmediaLabs)
Zaklínaè rozšíøená edice (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1566398034-136460071-2575209188-1000\...\ChromeHTML: -> <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05077355-6DC7-4445-8137-AA53F7B8E5A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {08C0E44D-59BB-42B8-A1D3-E4122BF3730F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {1AD3A070-C2E5-4D36-AA34-E269FDCA4784} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {20DBF5F1-8DE9-40DE-A47D-711E92CBAC8E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {2800B8E0-69EA-49C4-A59F-40DC9B4F4F19} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-18] (IObit)
Task: {37A49359-9554-489B-91EF-3B97CCB019EC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3F7A6AE0-30B9-43B4-B3E5-9C57960D81CA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5881AF9F-DBE8-4018-B39F-B5393DED9A3C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {62608F3F-30F5-490E-9576-E7DA07293B15} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-03-28] () <==== ATTENTION
Task: {648D2C3C-D223-44EB-8AE4-D18DBCCE917B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6B452B15-64D9-42F1-B133-BF05BAF07638} - System32\Tasks\10L3620z1997c265 => Rundll32.exe "C:\ProgramData\10L3620z1997c265\10L3620z1997c265.dll",LzcxHEfH <==== ATTENTION
Task: {739399ED-9B5A-42B3-9331-0751778FDB57} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {788814E4-F699-4D72-B0B0-005B77FC211D} - System32\Tasks\update-S-1-5-21-1566398034-136460071-2575209188-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {8852C79E-6412-4FEF-A4A6-E5D3036BC3A9} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-03-28] () <==== ATTENTION
Task: {92E9C9E6-09F3-490F-A2DA-5C2B61D5C48C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F576091-3B17-4FA1-88C7-79E350B9BACF} - System32\Tasks\Driver Booster SkipUAC (zuzu) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
Task: {A785B6D2-699D-46FE-912D-3AA3E1C1B0C0} - System32\Tasks\Uninstaller_SkipUac_zuzu => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {B260E190-2A1A-4D6F-9540-FD09DAE897C6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B2A79264-AAF0-4289-8329-900AD42FF4CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {C7E58385-DD3A-4EFF-A2D2-F01E8C68319B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CA32BDE3-B033-48D9-8FE9-6E7A0D3E88A9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CB23E247-92F4-4F07-ACD1-B800FB74C0A4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE385498-D5E4-4CE4-8949-9C687654261E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {CEBA44D2-6F17-4EBD-AD88-AF452A51D5AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {DE9B8AA6-193B-4CC9-B126-0E251A386D52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {EF283B7C-6D82-42B3-8D43-564C131E3774} - System32\Tasks\Driver Booster SkipUAC (Toshiba) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
Task: {FB9FFC90-BCB9-45ED-8D47-12AFA2CC9C6A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FE5ED54D-73C2-4C8E-8DE3-2D2027564152} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_zuzu.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1566398034-136460071-2575209188-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118254
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: adware/malware potíže

#7 Příspěvek od Rudy »

Defender je vypnut (podle té hlášky). Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
Toolbar: HKU\S-1-5-21-1566398034-136460071-2575209188-1000 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
U3 idsvc; no ImagePath
C:\WINDOWS\System32\Tasks\10L3620z1997c265
Task: {05077355-6DC7-4445-8137-AA53F7B8E5A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {37A49359-9554-489B-91EF-3B97CCB019EC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3F7A6AE0-30B9-43B4-B3E5-9C57960D81CA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {62608F3F-30F5-490E-9576-E7DA07293B15} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-03-28] () <==== ATTENTION
Task: {648D2C3C-D223-44EB-8AE4-D18DBCCE917B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6B452B15-64D9-42F1-B133-BF05BAF07638} - System32\Tasks\10L3620z1997c265 => Rundll32.exe "C:\ProgramData\10L3620z1997c265\10L3620z1997c265.dll",LzcxHEfH <==== ATTENTION
Task: {8852C79E-6412-4FEF-A4A6-E5D3036BC3A9} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-03-28] () <==== ATTENTION
Task: {92E9C9E6-09F3-490F-A2DA-5C2B61D5C48C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B260E190-2A1A-4D6F-9540-FD09DAE897C6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7E58385-DD3A-4EFF-A2D2-F01E8C68319B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CA32BDE3-B033-48D9-8FE9-6E7A0D3E88A9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CB23E247-92F4-4F07-ACD1-B800FB74C0A4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE385498-D5E4-4CE4-8949-9C687654261E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FB9FFC90-BCB9-45ED-8D47-12AFA2CC9C6A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FE5ED54D-73C2-4C8E-8DE3-2D2027564152} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
zuzuzu
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 24 úno 2017 11:42

Re: adware/malware potíže

#8 Příspěvek od zuzuzu »

A jak jej prosím znovu zapnu? V okně které mi vyskočí ohledně toho, že nemám zapnutou antivirovou ochranu to píše, že je to 'off' ale když kliknu 'turn on' nic se neděje :(.


log

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by zuzu (24-02-2017 19:22:23) Run:2
Running from C:\Users\Toshiba\Desktop
Loaded Profiles: zuzu (Available Profiles: zuzu & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
Toolbar: HKU\S-1-5-21-1566398034-136460071-2575209188-1000 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
U3 idsvc; no ImagePath
C:\WINDOWS\System32\Tasks\10L3620z1997c265
Task: {05077355-6DC7-4445-8137-AA53F7B8E5A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {37A49359-9554-489B-91EF-3B97CCB019EC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3F7A6AE0-30B9-43B4-B3E5-9C57960D81CA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {62608F3F-30F5-490E-9576-E7DA07293B15} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-03-28] () <==== ATTENTION
Task: {648D2C3C-D223-44EB-8AE4-D18DBCCE917B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6B452B15-64D9-42F1-B133-BF05BAF07638} - System32\Tasks\10L3620z1997c265 => Rundll32.exe "C:\ProgramData\10L3620z1997c265\10L3620z1997c265.dll",LzcxHEfH <==== ATTENTION
Task: {8852C79E-6412-4FEF-A4A6-E5D3036BC3A9} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-03-28] () <==== ATTENTION
Task: {92E9C9E6-09F3-490F-A2DA-5C2B61D5C48C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B260E190-2A1A-4D6F-9540-FD09DAE897C6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7E58385-DD3A-4EFF-A2D2-F01E8C68319B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CA32BDE3-B033-48D9-8FE9-6E7A0D3E88A9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CB23E247-92F4-4F07-ACD1-B800FB74C0A4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE385498-D5E4-4CE4-8949-9C687654261E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FB9FFC90-BCB9-45ED-8D47-12AFA2CC9C6A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FE5ED54D-73C2-4C8E-8DE3-2D2027564152} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key not found.
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
HKU\S-1-5-21-1566398034-136460071-2575209188-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => value not found.
HKCR\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => key not found.
idsvc => service not found.
"C:\WINDOWS\System32\Tasks\10L3620z1997c265" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05077355-6DC7-4445-8137-AA53F7B8E5A6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37A49359-9554-489B-91EF-3B97CCB019EC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F7A6AE0-30B9-43B4-B3E5-9C57960D81CA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62608F3F-30F5-490E-9576-E7DA07293B15} => key not found.
C:\WINDOWS\System32\Tasks\Hybrid => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hybrid => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{648D2C3C-D223-44EB-8AE4-D18DBCCE917B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B452B15-64D9-42F1-B133-BF05BAF07638} => key not found.
C:\WINDOWS\System32\Tasks\10L3620z1997c265 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10L3620z1997c265 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8852C79E-6412-4FEF-A4A6-E5D3036BC3A9} => key not found.
C:\WINDOWS\System32\Tasks\IORRT => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IORRT => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92E9C9E6-09F3-490F-A2DA-5C2B61D5C48C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B260E190-2A1A-4D6F-9540-FD09DAE897C6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7E58385-DD3A-4EFF-A2D2-F01E8C68319B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA32BDE3-B033-48D9-8FE9-6E7A0D3E88A9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB23E247-92F4-4F07-ACD1-B800FB74C0A4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE385498-D5E4-4CE4-8949-9C687654261E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB9FFC90-BCB9-45ED-8D47-12AFA2CC9C6A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE5ED54D-73C2-4C8E-8DE3-2D2027564152} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 0 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 20480 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Toshiba => 25592778036 B
DefaultAppPool => 6144 B

RecycleBin => 2458308 B
EmptyTemp: => 23.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:22:14 ====
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118254
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: adware/malware potíže

#9 Příspěvek od Rudy »

Smazáno. Ještě proveďte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
zuzuzu
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 24 úno 2017 11:42

Re: adware/malware potíže

#10 Příspěvek od zuzuzu »

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/24/17
Scan Time: 9:43 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1343
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: Toshiba-PC\zuzu

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 479055
Time Elapsed: 13 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Kuaizip, C:\WINDOWS\SYSTEM32\DRIVERS\KUAIZIPDRIVE.SYS, No Action By User, [1412], [329545],1.0.1343

Physical Sector: 0
(No malicious items detected)


(end)
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118254
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: adware/malware potíže

#11 Příspěvek od Rudy »

Nález MBAM smažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
zuzuzu
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 24 úno 2017 11:42

Re: adware/malware potíže

#12 Příspěvek od zuzuzu »

Smazáno :3 myslíte, že už teda vše ok?? ;-;
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118254
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: adware/malware potíže

#13 Příspěvek od Rudy »

Mělo by být. Záleží na tom, zda vaše potíže pominuly.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
zuzuzu
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 24 úno 2017 11:42

Re: adware/malware potíže

#14 Příspěvek od zuzuzu »

Vše se zdá v pořádku :3 mockrát vám děkuji ♥♥♥
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118254
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: adware/malware potíže

#15 Příspěvek od Rudy »

Rádo se stalo! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“