
Suspicious message when starting Windows 8.1

Sinus
Guest
Posts: 27
Registered: 19 Oct 2012 11:34

#1 Post by Sinus »

Good day.

I would like to ask you for help. After starting Windows 8.1 x64 I get this message:

AutoIt Error

Line 0 (File"C:\Users\Es\AppData\Roaming\fGhgiAEZTJBHIVPOGHd"):
Error: Error opening the file.


As far as I can tell, the computer runs without errors, but I would also like to ask you for an overall check of it to see whether that is really the case, because several times I wanted to install some games and it did not work.

Here is the LOG:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Es at 2017-09-20 01:34:40
Microsoft Windows 8.1
System drive C: has 378 GB (80%) free of 470 GB
Total RAM: 8043 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:34:44, on 20.9.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18792)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Corel\Graphics9\Register\Remind32.exe
C:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Es.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... SRB15ESRBX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... SRB15ESRBX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... SRB15ESRBX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - (no file)
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O2 - BHO: PriceMinus - {F02B436F-D9F9-44A2-998C-1806FE41268E} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLWCSM] "c:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe"
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] C:\Users\Es\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S235C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Es\AppData\Roaming\BitTorrent\updates\7.10.0_43917.exe" /MINIMIZED
O4 - Startup: GZdWaOAIIMQaGLPH.cmd.lnk = Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd
O4 - Startup: Reminder-cor40212.lnk = C:\Program Files (x86)\Corel\Graphics9\Register\Remind32.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd. - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
O23 - Service: DigitalPersona Authentication Service (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HP HotSpot 1.0 Service (HotSpotSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe
O23 - Service: HP File Sanitizer (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem34.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\SysWOW64\NLSSRV32.EXE
O23 - Service: RoxMediaDB13 - Rovi Corporation - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Rovi Corporation - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\WINDOWS\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15216 bytes

======Listing Processes======

wininit.exe
winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\WINDOWS\system32\Hpservice.exe
C:\WINDOWS\system32\vcsFPService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
dashost.exe {ecb3fc9f-9ae5-465e-a4eef74da47a56a5}
"C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe"
C:\WINDOWS\SysWOW64\NLSSRV32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
atieclxx
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\WINDOWS\Explorer.EXE
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Windows\RtsCM64.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Corel\Graphics9\Register\Remind32.exe"
"C:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe"
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
"C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\WINDOWS\system32\mspaint.exe"
"C:\Program Files (x86)\totalcmd\TOTALCMD.EXE"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\My downloads\FRST64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
"C:\My downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Bidaily Synchronize Task[973b].job - c:\programdata\{176d1195-c756-1122-176d-d1195c754657}\ccleaner 5.06.5219 business, technician and professional incl crack key.exe --startup=1 --single
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /c
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1cffa789df265a9.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1d0006f7d554cf0.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1d0430e8a5fa63d.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1d09275fa7167d0.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1d0ceebe29f2744.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1d0e3779fa7a39e.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1d0f17e66f9fe86.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1d134dd788c030e.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1d15ebc15f2d890.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-574935564-1413127515-271748262-1002Core1d1aafc46890c30.job - C:\Users\Es\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\HPCeeScheduleForEs.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForEs (null)
C:\WINDOWS\tasks\SpyHunter4.job - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe -scan

=========Mozilla firefox=========

ProfilePath - C:\Users\Es\AppData\Roaming\Mozilla\Firefox\Profiles\0y7ys885.default-1463519265204

prefs.js - "browser.startup.homepage" - "https://www.google.sk/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 27.0.0.130 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.111.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 27.0.0.130 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
DVDVideoSoft IE Extension - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-04-15 357376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F02B436F-D9F9-44A2-998C-1806FE41268E}]
PriceMinus

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
HP File Sanitizer - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-03-06 107736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
DVDVideoSoft IE Extension - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-12-09 322408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F02B436F-D9F9-44A2-998C-1806FE41268E}]
PriceMinus

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtsCM"=C:\WINDOWS\RTSCM64.EXE [2013-03-07 144456]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2014-03-01 1703424]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-01-28 5595848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Google Update"=C:\Users\Es\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [2017-04-29 601168]
"EPSON SX100 Series"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [2008-02-05 221696]
"BitTorrent"=C:\Users\Es\AppData\Roaming\BitTorrent\updates\7.10.0_43917.exe [2017-08-12 2150088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-01-10 56568]
"CLWCSM"=c:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe [2013-02-20 249096]
"File Sanitizer"=c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2013-03-06 13685464]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-02-01 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2013-02-01 167488]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-21 111136]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-11-21 493088]
"RoxWatchTray"=C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [2011-07-13 293360]
"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2010-05-21 324976]
"CPMonitor"=C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [2011-07-08 84464]
"Desktop Disc Tool"=C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [2011-06-12 506352]
"mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe []
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2014-05-16 336672]
""= []
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-19 767176]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe []

C:\Users\Es\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
GZdWaOAIIMQaGLPH.cmd.lnk - C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd
Reminder-cor40212.lnk - C:\Program Files (x86)\Corel\Graphics9\Register\Remind32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-09-20 01:34:40 ----D---- C:\rsit
2017-09-20 01:34:40 ----D---- C:\Program Files\trend micro
2017-09-20 01:31:53 ----D---- C:\FRST
2017-09-15 01:16:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-09-15 01:16:03 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-09-15 01:16:02 ----A---- C:\WINDOWS\system32\win32spl.dll
2017-09-15 01:16:01 ----A---- C:\WINDOWS\system32\shell32.dll
2017-09-15 01:16:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2017-09-15 01:15:59 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-09-15 01:15:58 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2017-09-15 01:15:58 ----A---- C:\WINDOWS\system32\jscript9.dll
2017-09-15 01:15:57 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2017-09-15 01:15:57 ----A---- C:\WINDOWS\system32\glcndFilter.dll
2017-09-15 01:15:56 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2017-09-15 01:15:56 ----A---- C:\WINDOWS\SYSWOW64\glcndFilter.dll
2017-09-15 01:15:56 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-15 01:15:56 ----A---- C:\WINDOWS\system32\win32k.sys
2017-09-15 01:15:55 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2017-09-15 01:15:55 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-09-15 01:15:55 ----A---- C:\WINDOWS\system32\wininet.dll
2017-09-15 01:15:55 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-15 01:15:54 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2017-09-15 01:15:54 ----A---- C:\WINDOWS\system32\puiobj.dll
2017-09-15 01:15:54 ----A---- C:\WINDOWS\system32\iertutil.dll
2017-09-15 01:15:54 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2017-09-15 01:15:53 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2017-09-15 01:15:53 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2017-09-15 01:15:53 ----A---- C:\WINDOWS\system32\wevtapi.dll
2017-09-15 01:15:53 ----A---- C:\WINDOWS\system32\wer.dll
2017-09-15 01:15:53 ----A---- C:\WINDOWS\system32\urlmon.dll
2017-09-15 01:15:53 ----A---- C:\WINDOWS\system32\localspl.dll
2017-09-15 01:15:53 ----A---- C:\WINDOWS\system32\gdi32.dll
2017-09-15 01:15:53 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2017-09-15 01:15:52 ----A---- C:\WINDOWS\SYSWOW64\wevtapi.dll
2017-09-15 01:15:52 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2017-09-15 01:15:52 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2017-09-15 01:15:52 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2017-09-15 01:15:52 ----A---- C:\WINDOWS\system32\srvsvc.dll
2017-09-15 01:15:52 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-09-15 01:15:52 ----A---- C:\WINDOWS\system32\msfeeds.dll
2017-09-15 01:15:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2017-09-15 01:15:51 ----A---- C:\WINDOWS\SYSWOW64\gdi32.dll
2017-09-15 01:15:51 ----A---- C:\WINDOWS\system32\tpmvsc.dll
2017-09-15 01:15:51 ----A---- C:\WINDOWS\system32\ntdll.dll
2017-09-15 01:15:51 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2017-09-15 01:15:51 ----A---- C:\WINDOWS\system32\drivers\disk.sys
2017-09-15 01:15:50 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2017-09-15 01:15:50 ----A---- C:\WINDOWS\SYSWOW64\PCPTpm12.dll
2017-09-15 01:15:50 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2017-09-15 01:15:50 ----A---- C:\WINDOWS\SYSWOW64\appidapi.dll
2017-09-15 01:15:50 ----A---- C:\WINDOWS\system32\TpmTasks.dll
2017-09-15 01:15:50 ----A---- C:\WINDOWS\system32\PCPTpm12.dll
2017-09-15 01:15:50 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-09-15 01:15:50 ----A---- C:\WINDOWS\system32\drivers\srvnet.sys
2017-09-15 01:15:50 ----A---- C:\WINDOWS\system32\drivers\netbt.sys
2017-09-15 01:15:49 ----A---- C:\WINDOWS\SYSWOW64\ntprint.dll
2017-09-15 01:15:49 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2017-09-15 01:15:49 ----A---- C:\WINDOWS\system32\shdocvw.dll
2017-09-15 01:15:49 ----A---- C:\WINDOWS\system32\rastls.dll
2017-09-15 01:15:49 ----A---- C:\WINDOWS\system32\drivers\nsiproxy.sys
2017-09-15 01:15:49 ----A---- C:\WINDOWS\system32\appidapi.dll
2017-09-15 01:15:48 ----A---- C:\WINDOWS\SYSWOW64\shdocvw.dll
2017-09-15 01:15:48 ----A---- C:\WINDOWS\system32\wermgr.exe
2017-09-15 01:15:48 ----A---- C:\WINDOWS\system32\ntprint.dll
2017-09-15 01:15:47 ----A---- C:\WINDOWS\SYSWOW64\wermgr.exe
2017-09-15 01:15:47 ----A---- C:\WINDOWS\system32\iscsium.dll
2017-09-15 01:15:47 ----A---- C:\WINDOWS\system32\appidpolicyconverter.exe
2017-09-15 01:15:46 ----A---- C:\WINDOWS\SYSWOW64\iscsium.dll
2017-09-15 01:15:46 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2017-09-15 01:15:46 ----A---- C:\WINDOWS\system32\webcheck.dll
2017-09-15 01:15:46 ----A---- C:\WINDOWS\system32\appidcertstorecheck.exe
2017-09-15 01:15:45 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\system32\vbscript.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\system32\mshtmled.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\system32\jscript.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\system32\inetcomm.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\system32\iepeers.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\system32\dxtrans.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\system32\certcli.dll
2017-09-15 01:15:45 ----A---- C:\WINDOWS\system32\appidsvc.dll
2017-09-15 01:15:44 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2017-09-15 01:15:44 ----A---- C:\WINDOWS\system32\lsasrv.dll

======List of files/folders modified in the last 1 month======

2017-09-20 01:34:40 ----RD---- C:\Program Files
2017-09-20 01:34:29 ----D---- C:\WINDOWS\Temp
2017-09-20 01:34:29 ----D---- C:\My downloads
2017-09-20 01:34:05 ----D---- C:\WINDOWS\Prefetch
2017-09-20 01:34:05 ----AD---- C:\Windows
2017-09-20 01:22:47 ----D---- C:\WINDOWS\system32\Tasks
2017-09-20 01:17:27 ----D---- C:\WINDOWS\Inf
2017-09-20 01:17:27 ----D---- C:\WINDOWS\debug
2017-09-20 01:08:53 ----HD---- C:\Program Files\WindowsApps
2017-09-20 01:06:48 ----D---- C:\WINDOWS\AppReadiness
2017-09-20 01:02:04 ----D---- C:\WINDOWS\system32\sru
2017-09-20 00:48:21 ----D---- C:\WINDOWS\system32\config
2017-09-20 00:40:13 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2017-09-20 00:37:04 ----D---- C:\WINDOWS\Microsoft.NET
2017-09-20 00:37:01 ----D---- C:\WINDOWS\WinSxS
2017-09-20 00:36:09 ----D---- C:\WINDOWS\system32\DriverStore
2017-09-18 08:59:55 ----RD---- C:\WINDOWS\ToastData
2017-09-18 08:59:47 ----D---- C:\WINDOWS\SYSWOW64\wbem
2017-09-18 08:59:47 ----D---- C:\WINDOWS\SYSWOW64\sk-SK
2017-09-18 08:59:47 ----D---- C:\WINDOWS\SysWOW64
2017-09-18 08:59:47 ----D---- C:\Program Files\Internet Explorer
2017-09-18 08:59:47 ----D---- C:\Program Files (x86)\Internet Explorer
2017-09-18 08:59:45 ----D---- C:\WINDOWS\system32\drivers
2017-09-18 08:59:44 ----RD---- C:\WINDOWS\System32
2017-09-18 08:59:44 ----D---- C:\WINDOWS\system32\wbem
2017-09-18 08:59:44 ----D---- C:\WINDOWS\system32\sk-SK
2017-09-18 08:59:05 ----D---- C:\WINDOWS\system32\MRT
2017-09-18 08:54:05 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-09-16 12:25:04 ----D---- C:\WINDOWS\system32\NDF
2017-09-15 23:36:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-15 23:35:45 ----D---- C:\Users\Es\AppData\Roaming\DAEMON Tools Lite
2017-09-15 23:35:45 ----D---- C:\Users\Es\AppData\Roaming\BitTorrent
2017-09-15 11:54:58 ----D---- C:\WINDOWS\CbsTemp
2017-09-15 11:50:00 ----SHD---- C:\System Volume Information
2017-09-15 11:21:37 ----D---- C:\WINDOWS\system32\Macromed
2017-09-15 11:21:32 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-09-15 01:02:38 ----D---- C:\WINDOWS\system32\catroot2
2017-09-15 00:52:15 ----D---- C:\WINDOWS\Tasks
2017-09-06 02:23:54 ----SHD---- C:\WINDOWS\Installer
2017-09-06 02:06:43 ----RD---- C:\Program Files (x86)
2017-09-05 01:42:37 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-05 01:42:37 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-09-02 01:54:50 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2017-08-28 12:53:39 ----RD---- C:\Users
2017-08-25 18:41:31 ----AD---- C:\SWSETUP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem48.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\WINDOWS\System32\drivers\amdkmpfd.sys [2013-12-13 36096]
R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2015-03-10 241880]
R0 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2015-03-10 64208]
R0 hpdskflt;@oem34.inf,%service_desc%;HP Filter; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2013-03-02 30520]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2013-01-02 641672]
R0 PinFile;PinFile; C:\WINDOWS\system32\DRIVERS\PinFile.sys [2013-03-18 49856]
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2011-05-24 55952]
R0 Sahdad64;HDD Filter Driver; C:\WINDOWS\System32\Drivers\Sahdad64.sys [2011-02-09 27120]
R0 Saibad64;Volume Filter Driver; C:\WINDOWS\System32\Drivers\Saibad64.sys [2011-02-09 19952]
R0 SDDisk2K;SDDisk2K; C:\WINDOWS\system32\DRIVERS\SDDisk2K.sys [2013-03-27 212672]
R0 SDDToki;SDDToki; C:\WINDOWS\system32\DRIVERS\SDDToki.sys [2013-01-07 131928]
R0 SysCow;SysCow; C:\WINDOWS\system32\drivers\syscowad64v.sys [2010-05-23 164848]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 dtsoftbus01;@oem36.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2014-03-01 283064]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2015-03-10 246000]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2015-03-10 169792]
R1 EpfwLWF;@oem62.inf,%EpfwLWF_Desc%;Epfw NDIS LightWeight Filter; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [2015-03-10 44632]
R1 Eve;@oem33.inf,%EVE_Desc%;EVE Protocol Driver; C:\WINDOWS\system32\DRIVERS\eve.sys [2014-04-10 41304]
R1 SaibVdAd64;Virtual Disk Driver; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [2011-02-09 27632]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2015-03-10 222280]
R3 Accelerometer;@oem34.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2013-03-02 43320]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2016-01-14 21645320]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2016-01-14 676360]
R3 BTHUSB;@Bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 clwcsm;@oem27.inf,%clwcsm.DeviceDesc%;CyberLink Webcam Sharing Manager 4.2; C:\WINDOWS\system32\DRIVERS\clwcsm.sys [2013-02-19 42944]
R3 HpqKbFiltr;@oem43.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [2014-05-15 28376]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2017-06-02 3802600]
R3 IntcDAud;@oem15.inf,%IntcDAud.SvcDesc%;Intel(R) Zvuk pre obrazovky; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-07-03 454416]
R3 iwdbus;@oem28.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-01 38896]
R3 MEIx64;@oem39.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-12 62784]
R3 netr28x;@oem18.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2014-08-12 2432656]
R3 rtbth;@oem16.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\WINDOWS\System32\drivers\rtbth.sys [2015-11-19 1205872]
R3 RTL8168;@oem14.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-02-26 772680]
R3 rtsuvc;@oem22.inf,%rtsuvc.DeviceDesc%;HP HD Webcam [Fixed]; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2013-03-07 8243144]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10329; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [2014-03-01 551936]
R3 SynTP;@oem103.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2017-08-19 639584]
S2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS []
S3 AndnetBus;@oem9.inf,%LGSI.Service.Desc%;LGE Mobile USB Composite Device; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [2016-08-31 30208]
S3 AndNetDiag;@oem67.inf,%Lgsi.Service.Name%;LGE AndroidNet USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [2016-08-24 30720]
S3 ANDNetModem;@oem70.inf,%LGSI.Service.Name%;LGE AndroidNet USB Modem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [2016-08-24 37376]
S3 BtAudioBusSrv;@oem19.inf,%SvcDesc%;Ralink Bluetooth Audio Bus Service; C:\WINDOWS\System32\Drivers\BtAudioBus.sys []
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys []
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2017-07-06 119296]
S3 BTHPORT;@Bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-10-29 1198080]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys []
S3 dg_ssudbus;@oem66.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-07-22 130688]
S3 dot4;@oem52.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem53.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 Dot4Scan;@oem54.inf,%Dot4Scan_Name%;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2012-10-19 19872]
S3 dot4usb;@oem52.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 intaud_WaveExtensible;@oem13.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-12-01 50160]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys []
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 RSP2STOR;@oem4.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2013-01-23 288328]
S3 RTSPER;Realtek PCIe CardReader Driver; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [2013-02-01 448072]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2013-01-11 28400]
S3 SmbDrvI;SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2013-01-11 32496]
S3 ssudmdm;@oem68.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-07-22 164992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2011-02-09 457200]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-07-19 83032]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2016-01-14 255504]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2014-10-29 38792]
R2 BOT4Service;BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2011-07-15 21488]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 DigitalWave.Update.Service;Digital Wave Update Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [2015-12-09 388968]
R2 DpHost;DigitalPersona Authentication Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2013-03-12 491320]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-01-28 1349576]
R2 HPFSService;HP File Sanitizer; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2013-03-06 1730776]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2014-05-16 683296]
R2 hpsrv;@oem34.inf,%hpservice_desc%;HP Service; C:\WINDOWS\system32\Hpservice.exe [2013-03-02 43320]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2017-07-06 321896]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-01-02 15496]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2017-06-02 319096]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-07-27 636952]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-10-22 130592]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-10-22 166432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-10-22 278560]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2014-02-18 230920]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\WINDOWS\SysWOW64\NLSSRV32.EXE [2014-02-18 69640]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10129; C:\Program Files\IDT\WDM\STacSV64.exe [2014-03-01 340480]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2017-08-19 255584]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-22 365600]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2015-04-28 1102472]
S2 ba96e052;SystemPlus; C:\WINDOWS\syswow64\rundll32.exe [2014-10-29 51200]
S2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2014-10-29 38792]
S2 RoxWatch12;Roxio Hard Drive Watcher 12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-07-13 340976]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-15 272384]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2017-06-02 280696]
S3 HotSpotSrv;HP HotSpot 1.0 Service; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [2013-09-18 372920]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-09-04 175568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB13;RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-07-13 1095664]
S4 BOTService;BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-07-14 211440]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Suspicious message when starting Windows 8.1

#2 Post by JaRon »

hi,
the log is not complete, which doesn't matter that much for now
first clean the PC with ADWCleaner - post the log here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Sinus
Visitor
Posts: 27
Registered: 19 Oct 2012 11:34

Re: Suspicious message when starting Windows 8.1

#3 Post by Sinus »

# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 20 09:37:49 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-18-2017.1
# Running on Windows 8.1 (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Es\AppData\Local\Mobogenie
PUP.Optional.Legacy, C:\Users\All Users\Documents\iWin
PUP.Optional.Legacy, C:\Users\Public\Documents\iWin
PUP.Optional.Legacy, C:\Users\Es\AppData\Local\Popajar
PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group
PUP.Adware.Heuristic, C:\ProgramData\6362324272360999088


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Es\daemonprocess.txt
PUP.Optional.Legacy, C:\END
PUP.Optional.SpyHunter, C:\spyhunter.fix


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, globalUpdateUpdateTaskMachineCore
PUP.Optional.Legacy, globalUpdateUpdateTaskMachineUA
PUP.Optional.BoBrowser, Run_Bobby_Browser
PUP.Optional.SpyHunter, SpyHunter4
PUP.Adware.Heuristic, Bidaily Synchronize Task[973b]


***** [ Registry ] *****

PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\www.mystartsearch.com\?type=hp&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\www.mystartsearch.com\?type=hp&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Search_URL [http:\\www.mystartsearch.com\web\?type=ds&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX&q={searchTerms}]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Search_URL [http:\\www.mystartsearch.com\web\?type=ds&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX&q={searchTerms}]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Search Page [http:\\www.mystartsearch.com\web\?type=ds&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX&q={searchTerms}]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Search Page [http:\\www.mystartsearch.com\web\?type=ds&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX&q={searchTerms}]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\www.mystartsearch.com\?type=hp&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\www.mystartsearch.com\?type=hp&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Start Page [http:\\www.mystartsearch.com\?type=hp&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Start Page [http:\\www.mystartsearch.com\?type=hp&ts=1432857081&z=76b8f243ae971cb6ee6d546g3z5c6ocbawfm3e0m4q&from=wpc&uid=HGSTXHTS541010A9E680_JB10001315ESRB15ESRBX]
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command |
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command |
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Clara
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-574935564-1413127515-271748262-1002\Software\OB
PUP.Optional.Legacy, [Key] - HKCU\Software\OB
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-574935564-1413127515-271748262-1002\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-574935564-1413127515-271748262-1002\Software\Mozilla\Extends
PUP.Optional.Legacy, [Key] - HKCU\Software\Mozilla\Extends
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-574935564-1413127515-271748262-1002\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{BBE09607-D9BF-4B2E-88C2-C8D5DF7A7D37}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-574935564-1413127515-271748262-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | UpdateChecker
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | mobilegeni daemon
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | mobilegeni daemon
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@staging.google.com\globalUpdate Update;version=10
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@staging.google.com\globalUpdate Update;version=4
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | mobilegeni daemon
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
Adware.FileTour, [Key] - HKU\S-1-5-21-574935564-1413127515-271748262-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
PUP.Optional.CrossRider, [Key] - HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
PUP.Optional.CrossRider, [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
PUP.Optional.CrossRider, [Key] - HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
PUP.Optional.CrossRider, [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
PUP.Optional.CrossRider, [Key] - HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
PUP.Optional.CrossRider, [Key] - HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
PUP.Optional.CrossRider, [Key] - HKU\S-1-5-21-574935564-1413127515-271748262-1002\Software\AppDataLow\Software\Crossrider
PUP.Optional.CrossRider, [Key] - HKCU\Software\AppDataLow\Software\Crossrider
PUP.Optional.SpyHunter, [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
PUP.Optional.GlobalUpdate.C, [Key] - HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
PUP.Optional.CrossRider.C, [Key] - HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
PUP.Optional.CrossRider.C, [Key] - HKU\S-1-5-21-574935564-1413127515-271748262-1002\Software\AppDataLow\Software\Crossrider
PUP.Optional.CrossRider.C, [Key] - HKCU\Software\AppDataLow\Software\Crossrider
PUP.Optional.FreeDelivery, [Key] - HKLM\SOFTWARE\Classes\Interface\{4B7F06A6-CDE6-45C1-A22E-CBD2C7F03309}
PUP.Optional.FreeDelivery, [Key] - HKLM\SOFTWARE\Classes\Interface\{4EEB251A-47F6-4C51-8524-999E6DCE9594}
PUP.Optional.FreeDelivery, [Key] - HKLM\SOFTWARE\Classes\Interface\{E787F4E7-0A49-4311-8608-FCEE25B742D0}
PUP.Optional.FreeDelivery, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A63C49A5-6CC1-4579-A883-AE6B3E91108D}
PUP.Optional.FreeDelivery, [Key] - HKLM\SOFTWARE\Classes\Interface\{9AFF75CE-8D3F-4245-A616-52C2570CC00B}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Suspicious message at Windows 8.1 startup

#4 Post by JaRon »

If you haven't done so yet, delete what was found, and after a restart write back whether there are any problems.
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Sinus
Visitor
Posts: 27
Registered: 19 Oct 2012 11:34

Re: Suspicious message at Windows 8.1 startup

#5 Post by Sinus »

Deleted, but the message still pops up.
I don't notice any other problems with the PC.

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Suspicious message at Windows 8.1 startup

#6 Post by JaRon »

Clean the registry with CCleaner; if the message keeps popping up after a restart too, post both FRST logs, I'll take a look tomorrow.

Sinus
Visitor
Posts: 27
Registered: 19 Oct 2012 11:34

Re: Suspicious message at Windows 8.1 startup

#7 Post by Sinus »

Addition.zip
(12.56 KiB) Downloaded 81 times
Cleaned with CCleaner, but unfortunately the message still pops up.

FRST log (Addition.txt attached):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by Es (administrator) on WORK (20-09-2017 20:12:48)
Running from C:\My downloads
Loaded Profiles: Es (Available Profiles: Es & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(IntelliQuest Communications, Inc.) C:\Program Files (x86)\Corel\Graphics9\Register\Remind32.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(C. Ghisler & Co.) C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [144456 2013-03-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-01] (IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285832 2013-01-02] (Intel Corporation)
HKLM-x32\...\Run: [CLWCSM] => c:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe [249096 2013-02-20] (cyberlink)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [13685464 2013-03-06] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2013-02-01] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167488 2013-02-01] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111136 2012-11-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493088 2012-11-21] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [293360 2011-07-13] (Rovi Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [506352 2011-06-12] ()
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\Run: [DAEMON Tools Lite] => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\Run: [Google Update] => C:\Users\Es\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\Run: [EPSON SX100 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [221696 2008-02-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9855192 2017-09-07] (Piriform Ltd)
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\MountPoints2: {1807b9b6-1e69-11e6-beee-a019167d5c86} - "G:\LGAutoRun.exe"
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\MountPoints2: {414a23c6-8973-11e7-bf1b-a45d36c98ace} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\MountPoints2: {455fc1d8-a146-11e3-be79-70188bb44244} - "G:\setup.exe"
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\MountPoints2: {4d386fe8-f9ec-11e6-bf0e-a45d36c98ace} - "G:\autorun.exe"
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\MountPoints2: {5d400dfb-30b1-11e7-bf10-a45d36c98ace} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-574935564-1413127515-271748262-1002\...\MountPoints2: {921febbe-c270-11e3-be84-70188bb44244} - "H:\LGAutoRun.exe"
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Es\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GZdWaOAIIMQaGLPH.cmd.lnk [2016-10-16]
ShortcutTarget: GZdWaOAIIMQaGLPH.cmd.lnk -> C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd (AutoIt Team)
Startup: C:\Users\Es\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Reminder-cor40212.lnk [2014-07-11]
ShortcutTarget: Reminder-cor40212.lnk -> C:\Program Files (x86)\Corel\Graphics9\Register\Remind32.exe (IntelliQuest Communications, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{E973C583-2497-4367-AE7B-1474390BBDF6}: [DhcpNameServer] 192.168.1.20

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-574935564-1413127515-271748262-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-574935564-1413127515-271748262-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-04-15] (DVDVideoSoft Ltd.)
BHO: PriceMinus -> {F02B436F-D9F9-44A2-998C-1806FE41268E} -> No File
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-03-06] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-12-09] (DVDVideoSoft Ltd.)
BHO-x32: PriceMinus -> {F02B436F-D9F9-44A2-998C-1806FE41268E} -> No File

FireFox:
========
FF ProfilePath: C:\Users\Es\AppData\Roaming\Mozilla\Firefox\Profiles\0y7ys885.default-1463519265204 [2017-09-20]
FF Homepage: Mozilla\Firefox\Profiles\0y7ys885.default-1463519265204 -> hxxps://www.google.sk/?gws_rd=ssl
FF Extension: (uBlock Origin) - C:\Users\Es\AppData\Roaming\Mozilla\Firefox\Profiles\0y7ys885.default-1463519265204\Extensions\uBlock0@raymondhill.net.xpi [2017-09-15]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-09-13] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-18] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2013-02-27] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-574935564-1413127515-271748262-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Es\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-574935564-1413127515-271748262-1002: @talk.google.com/O1DPlugin -> C:\Users\Es\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-574935564-1413127515-271748262-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Es\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-574935564-1413127515-271748262-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Es\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-574935564-1413127515-271748262-1002: hp.com/HPDetect -> C:\Users\Es\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Users\Es\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Es\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR dev: Chrome dev build detected! <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [fdjkhamgopgokjmllcmpkiijndjeidcl] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2013-02-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
S4 BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [211440 2011-07-14] (Rovi Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-09] (Digital Wave Ltd.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [491320 2013-03-12] (DigitalPersona, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S3 HotSpotSrv; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [372920 2013-09-18] (Hewlett-Packard Development Company, L.P.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2017-06-02] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-22] (Intel Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-18] (Nitro PDF Software)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
S2 RoxWatch12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [340976 2011-07-13] (Rovi Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-01] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255584 2017-08-19] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 ba96e052; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\SystemPlus\SystemPlus.dll",serv
S2 HPSLPSVC; C:\Users\Es\AppData\Local\Temp\7zS63EC\hpslpsvc64.dll [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-12-13] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
S2 Angelnt; C:\Windows\SysWOW64\Drivers\ANGELNT.SYS [51072 2015-03-25] (Identcode Ltd.) [File not signed]
U3 BthHFSrv; C:\WINDOWS\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 BthHFSrv; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 clwcsm; C:\WINDOWS\system32\DRIVERS\clwcsm.sys [42944 2013-02-19] (CyberLink Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-03-01] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [64208 2015-03-10] (ESET)
R1 Eve; C:\WINDOWS\system32\DRIVERS\eve.sys [41304 2014-04-10] ()
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [28376 2014-05-15] (Hewlett-Packard Company)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2432656 2014-08-12] (MediaTek Inc.)
R0 PinFile; C:\WINDOWS\System32\DRIVERS\PinFile.sys [49856 2013-03-18] (WinMagic, Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1205872 2015-11-19] (Ralink Technology, Corp.)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8243144 2013-03-07] (Realtek Semiconductor Corp.)
R0 SDDisk2K; C:\WINDOWS\System32\DRIVERS\SDDisk2K.sys [212672 2013-03-27] (WinMagic Inc.)
R0 SDDToki; C:\WINDOWS\System32\DRIVERS\SDDToki.sys [131928 2013-01-07] (WinMagic Inc.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-01-11] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [32496 2013-01-11] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R0 SysCow; C:\WINDOWS\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-02-08] (Hewlett-Packard Development Company, L.P.)
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys [X]
U3 DfSdkS; no ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 zerqkygg; \??\C:\WINDOWS\system32\drivers\zerqkygg.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 20:03 - 2017-09-20 20:04 - 000001078 _____ C:\WINDOWS\system32dbgraw.bmp
2017-09-20 19:43 - 2017-09-20 19:43 - 000000827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
2017-09-20 19:43 - 2017-09-20 19:43 - 000000815 _____ C:\Users\Public\Desktop\Total Uninstall 6.lnk
2017-09-20 19:43 - 2017-09-20 19:43 - 000000016 _____ C:\ProgramData\mntemp
2017-09-20 19:43 - 2017-09-20 19:43 - 000000000 ____D C:\ProgramData\Martau
2017-09-20 19:43 - 2017-09-20 19:43 - 000000000 ____D C:\Program Files\Total Uninstall 6
2017-09-20 18:56 - 2017-09-20 18:57 - 000000000 ____D C:\Program Files\CCleaner
2017-09-20 18:56 - 2017-09-20 18:56 - 000002776 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-20 18:56 - 2017-09-20 18:56 - 000000798 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-20 11:35 - 2017-09-20 20:01 - 000000000 ____D C:\AdwCleaner
2017-09-20 02:01 - 2017-09-20 02:01 - 000034973 _____ C:\Users\Es\Desktop\info.txt
2017-09-20 01:34 - 2017-09-20 01:34 - 000000000 ____D C:\rsit
2017-09-20 01:34 - 2017-09-20 01:34 - 000000000 ____D C:\Program Files\trend micro
2017-09-20 01:31 - 2017-09-20 20:12 - 000000000 ____D C:\FRST
2017-09-15 01:16 - 2017-08-15 16:06 - 015260160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-15 01:16 - 2017-08-13 20:58 - 025730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-15 01:16 - 2017-08-13 18:54 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-15 01:16 - 2017-08-12 11:30 - 022361344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-15 01:16 - 2017-08-11 03:43 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-15 01:15 - 2017-08-19 19:27 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-15 01:15 - 2017-08-19 18:48 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-15 01:15 - 2017-08-18 00:07 - 000537200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-15 01:15 - 2017-08-18 00:07 - 000140016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-15 01:15 - 2017-08-18 00:03 - 000450392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-15 01:15 - 2017-08-18 00:03 - 000136832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-15 01:15 - 2017-08-15 16:01 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-15 01:15 - 2017-08-15 16:01 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-15 01:15 - 2017-08-15 16:01 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-15 01:15 - 2017-08-15 15:58 - 013673984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-15 01:15 - 2017-08-13 19:19 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-15 01:15 - 2017-08-13 19:05 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-09-15 01:15 - 2017-08-13 19:04 - 002899968 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-15 01:15 - 2017-08-13 18:51 - 005981696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-15 01:15 - 2017-08-13 18:50 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-09-15 01:15 - 2017-08-13 18:29 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-09-15 01:15 - 2017-08-13 18:28 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-15 01:15 - 2017-08-13 18:24 - 002291200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-15 01:15 - 2017-08-13 18:23 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-15 01:15 - 2017-08-13 18:21 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-15 01:15 - 2017-08-13 18:20 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-15 01:15 - 2017-08-13 18:17 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-09-15 01:15 - 2017-08-13 18:15 - 007078912 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-09-15 01:15 - 2017-08-13 18:14 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-09-15 01:15 - 2017-08-13 18:07 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-15 01:15 - 2017-08-13 18:05 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-15 01:15 - 2017-08-13 18:04 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-15 01:15 - 2017-08-13 18:04 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-15 01:15 - 2017-08-13 18:01 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-15 01:15 - 2017-08-13 17:52 - 005274624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-09-15 01:15 - 2017-08-13 17:52 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-15 01:15 - 2017-08-13 17:51 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-09-15 01:15 - 2017-08-13 17:48 - 004547072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-15 01:15 - 2017-08-13 17:46 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-15 01:15 - 2017-08-13 17:44 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-15 01:15 - 2017-08-13 17:44 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-15 01:15 - 2017-08-13 17:43 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-15 01:15 - 2017-08-13 17:40 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-15 01:15 - 2017-08-13 17:27 - 001544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-15 01:15 - 2017-08-13 17:25 - 007797248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-15 01:15 - 2017-08-13 17:18 - 005270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-15 01:15 - 2017-08-13 17:18 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-15 01:15 - 2017-08-13 17:17 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-15 01:15 - 2017-08-13 17:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-15 01:15 - 2017-08-13 17:13 - 001314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-15 01:15 - 2017-08-12 11:26 - 019789736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-15 01:15 - 2017-08-12 02:39 - 001364552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-09-15 01:15 - 2017-08-12 01:59 - 007440728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-15 01:15 - 2017-08-12 01:58 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-15 01:15 - 2017-08-12 01:58 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-15 01:15 - 2017-08-11 22:46 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-09-15 01:15 - 2017-08-11 22:29 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-09-15 01:15 - 2017-08-11 22:13 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-15 01:15 - 2017-08-11 05:30 - 004170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-15 01:15 - 2017-08-11 05:27 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-15 01:15 - 2017-08-11 05:27 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-15 01:15 - 2017-08-11 04:38 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-09-15 01:15 - 2017-08-11 04:08 - 001753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-15 01:15 - 2017-08-11 04:08 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-09-15 01:15 - 2017-08-11 04:02 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-09-15 01:15 - 2017-08-11 03:52 - 001491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-15 01:15 - 2017-08-11 03:49 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-15 01:15 - 2017-08-11 03:44 - 001095680 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-15 01:15 - 2017-08-11 03:41 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-15 01:15 - 2017-08-06 23:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-09-15 01:15 - 2017-08-06 09:13 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-09-15 01:15 - 2017-07-22 20:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-09-15 01:15 - 2017-07-22 19:32 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-09-15 01:15 - 2017-07-17 21:53 - 004298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-15 01:15 - 2017-07-17 01:55 - 003551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-15 01:15 - 2017-07-14 01:03 - 002013528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-09-15 01:15 - 2017-07-12 22:29 - 000420440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-15 01:15 - 2017-07-12 22:29 - 000075440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-15 01:15 - 2017-07-12 22:25 - 000308872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-15 01:15 - 2017-07-12 22:25 - 000066112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-15 01:15 - 2017-07-08 21:03 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-09-15 01:15 - 2017-07-08 20:43 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-09-15 01:15 - 2017-07-08 20:30 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-09-15 01:15 - 2017-07-08 20:20 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-09-15 01:15 - 2017-07-08 19:25 - 001436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-15 01:15 - 2017-07-08 19:00 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-09-15 01:15 - 2017-07-08 05:14 - 000100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2017-09-06 02:11 - 2017-09-06 02:11 - 000000000 ____D C:\Users\Es\AppData\LocalLow\Mobsoftware
2017-09-06 02:01 - 2017-09-06 02:01 - 000000000 ____D C:\Users\Es\AppData\LocalLow\Wales Interactive
2017-08-25 10:59 - 2017-08-25 11:04 - 000077312 _____ C:\Users\Es\Desktop\01 Smenovka 09-2017.xls
2017-08-24 11:00 - 2017-08-24 12:17 - 000077824 _____ C:\Users\Es\Desktop\Smenovka+1 09-2017.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 20:12 - 2014-02-27 02:15 - 000000000 ____D C:\My downloads
2017-09-20 20:11 - 2016-11-20 02:55 - 000000000 ____D C:\Users\Es\AppData\LocalLow\Mozilla
2017-09-20 20:09 - 2014-02-26 18:48 - 000003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-574935564-1413127515-271748262-1002
2017-09-20 20:04 - 2014-07-04 23:50 - 000000000 __SHD C:\Users\Es\IntelGraphicsProfiles
2017-09-20 20:03 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-20 20:03 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2017-09-20 19:51 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-09-20 19:48 - 2013-04-29 07:57 - 000000000 ____D C:\WINDOWS\Hewlett-Packard
2017-09-20 19:25 - 2014-02-26 11:42 - 000000000 ___HD C:\Users\Es\AppData\Local\Packages
2017-09-20 19:25 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-20 19:25 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-20 19:21 - 2014-04-03 04:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-09-20 19:18 - 2014-04-23 10:12 - 000000000 ____D C:\Users\Es\AppData\Roaming\BitTorrent
2017-09-20 18:59 - 2014-03-25 13:01 - 000003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F154E91A-6978-4DFC-939B-9FBE767D3604}
2017-09-20 11:42 - 2014-03-01 13:30 - 000000000 ____D C:\Users\Es
2017-09-20 11:07 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-20 00:54 - 2014-02-28 03:08 - 000000000 ____D C:\Users\Es\AppData\Local\ElevatedDiagnostics
2017-09-20 00:37 - 2014-03-01 15:42 - 000000000 ___RD C:\Users\Es\SkyDrive
2017-09-20 00:35 - 2017-07-12 21:54 - 001304192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-18 08:59 - 2014-02-27 23:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-18 08:59 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-09-18 08:54 - 2014-02-27 23:59 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-18 01:35 - 2016-04-21 11:47 - 000020364 _____ C:\Users\Es\Desktop\Energie Bar.xlsx
2017-09-15 23:36 - 2013-11-14 09:28 - 000958356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-15 23:35 - 2014-02-26 20:33 - 000000000 ____D C:\Users\Es\AppData\Roaming\DAEMON Tools Lite
2017-09-15 11:54 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-15 11:21 - 2014-02-27 04:28 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-09-15 11:21 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-15 11:21 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-15 01:07 - 2016-08-16 02:17 - 000003348 _____ C:\WINDOWS\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2017-09-15 00:52 - 2015-08-20 23:19 - 000000330 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEs.job
2017-09-12 07:24 - 2014-11-07 19:14 - 000000000 ____D C:\Users\Es\Desktop\BRW
2017-09-05 01:42 - 2015-06-01 21:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-05 01:42 - 2015-06-01 21:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-02 01:54 - 2017-06-19 00:54 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 01:54 - 2017-06-19 00:54 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 00:12 - 2015-11-14 13:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-28 13:01 - 2014-02-27 02:05 - 000000000 ____D C:\Users\Es\Documents\Knihy
2017-08-25 18:41 - 2012-10-12 05:24 - 000000000 ____D C:\SWSETUP

==================== Files in the root of some directories =======

2016-10-16 02:37 - 2016-08-04 02:27 - 000463376 ___SH () C:\Users\Es\AppData\Roaming\SOAChNGJHIJI
2016-10-16 02:37 - 2016-08-04 02:27 - 000936960 ___SH (AutoIt Team) C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd
2014-03-03 22:49 - 2017-05-05 13:34 - 000028160 _____ () C:\Users\Es\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-21 13:00 - 2014-04-21 13:00 - 000000001 _____ () C:\Users\Es\AppData\Local\llftool.4.12.agreement
2014-04-23 10:16 - 2014-04-23 10:16 - 000000001 _____ () C:\Users\Es\AppData\Local\llftool.4.25.agreement
2014-04-23 10:16 - 2014-04-23 10:16 - 000000019 _____ () C:\Users\Es\AppData\Local\llftool.license
2014-02-26 21:11 - 2014-02-26 21:11 - 000000017 _____ () C:\Users\Es\AppData\Local\resmon.resmoncfg
2014-07-16 21:14 - 2017-01-14 15:07 - 000171072 _____ () C:\Users\Es\AppData\Local\rx_audio.Cache
2014-03-01 12:36 - 2017-04-28 17:05 - 000626988 _____ () C:\Users\Es\AppData\Local\rx_image32.Cache
2015-05-29 22:47 - 2015-05-29 22:47 - 000000000 _____ () C:\Users\Es\AppData\Local\Temp.dat
2017-09-20 19:43 - 2017-09-20 19:43 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-12 01:35

==================== End of FRST.txt ============================

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Suspicious message on Windows 8.1 startup

#8 Post by JaRon »

Creating a fixlist for FRST
•Open Notepad (Start - Run - notepad)
•Copy the script >>

Code:

Start
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type= ... 15ESRBX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type= ... 15ESRBX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-574935564-1413127515-271748262-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: PriceMinus -> {F02B436F-D9F9-44A2-998C-1806FE41268E} -> No File
S2 HPSLPSVC; C:\Users\Es\AppData\Local\Temp\7zS63EC\hpslpsvc64.dll [X] <==== ATTENTION
U3 DfSdkS; no ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 zerqkygg; \??\C:\WINDOWS\system32\drivers\zerqkygg.sys [X]
Startup: C:\Users\Es\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GZdWaOAIIMQaGLPH.cmd.lnk [2016-10-16]
ShortcutTarget: GZdWaOAIIMQaGLPH.cmd.lnk -> C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd (AutoIt Team)
2016-10-16 02:37 - 2016-08-04 02:27 - 000463376 ___SH () C:\Users\Es\AppData\Roaming\SOAChNGJHIJI
2016-10-16 02:37 - 2016-08-04 02:27 - 000936960 ___SH (AutoIt Team) C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd



EmptyTemp:
Reboot:
End
•Save the created TXT as fixlist.txt
•Move the created fixlist next to FRST

:arrow: Run FRST.exe again
•Click Fix
•The fix will run and create a log, Fixlog.txt

:arrow: Restart the PC and post fixlog.txt here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
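
As an added example that is not code from the thread or from FRST, the Python below parses the file-listing lines of the FRST log above and flags the combinations the fixlist targets: a hidden+system file in the user profile, the AutoIt-signed file carrying a .cmd extension, and random-looking names under AppData\Roaming. The random-name rule is an assumption of this example, not an FRST check; the sample input is built from six lines of the thread's own log.

```python
"""Triage of FRST file-listing lines: an added example, not code from the
thread or from FRST. It parses "<created> - <modified> - <size> <attrs>
[(<signer>)] <path>" entries and flags what a helper looks for in this thread;
the random-name rule is a heuristic of this example, not an FRST check."""
import ntpath
import re
from typing import Dict, List, NamedTuple, Optional

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?(?P<path>\S.*)$"
)

class Entry(NamedTuple):
    created: str
    modified: str
    size: int
    attrs: str             # FRST attribute column, e.g. ___SH, __SHD, ____D
    signer: Optional[str]  # None when FRST printed no "(...)" field at all
    path: str

def parse_entry(line: str) -> Optional[Entry]:
    """Entry for an FRST file line, None for any other kind of line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["signer"], m["path"])

def looks_random_name(stem: str) -> bool:
    """Heuristic: long, purely alphabetic, mixed case and mostly capitals."""
    if len(stem) < 10 or not stem.isalpha() or stem.isupper() or stem.islower():
        return False
    return sum(c.isupper() for c in stem) / len(stem) > 0.5

def flags_for(e: Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means none."""
    low = e.path.lower()
    stem = ntpath.splitext(ntpath.basename(e.path))[0]
    flags = []
    # Hidden+system folders are normal (IntelGraphicsProfiles); files are not.
    if ("D" not in e.attrs and "S" in e.attrs and "H" in e.attrs
            and low.startswith("c:\\users\\")):
        flags.append("hidden+system file in a user profile")
    # A compiled AutoIt script is a PE executable; ".cmd" on one is a disguise.
    if e.signer == "AutoIt Team" and not low.endswith(".exe"):
        flags.append("AutoIt-compiled binary with non-.exe extension")
    if "\\appdata\\roaming\\" in low and looks_random_name(stem):
        flags.append("random-looking name in AppData\\Roaming")
    return flags

def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path in an FRST listing to its list of flags."""
    result: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        flags = flags_for(e) if e else []
        if flags:
            result[e.path] = flags
    return result

# Sample built from six lines of the thread's FRST log (two hits, four not).
SAMPLE_LOG = r"""
2017-09-20 20:04 - 2014-07-04 23:50 - 000000000 __SHD C:\Users\Es\IntelGraphicsProfiles
2017-09-20 19:18 - 2014-04-23 10:12 - 000000000 ____D C:\Users\Es\AppData\Roaming\BitTorrent
2016-10-16 02:37 - 2016-08-04 02:27 - 000463376 ___SH () C:\Users\Es\AppData\Roaming\SOAChNGJHIJI
2016-10-16 02:37 - 2016-08-04 02:27 - 000936960 ___SH (AutoIt Team) C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd
2014-07-16 21:14 - 2017-01-14 15:07 - 000171072 _____ () C:\Users\Es\AppData\Local\rx_audio.Cache
2017-09-20 19:43 - 2017-09-20 19:43 - 000000016 _____ () C:\ProgramData\mntemp
"""
```

Calling `triage(SAMPLE_LOG)` returns only the two AppData\Roaming entries that the fixlist above moves, with the .cmd file carrying all three flags.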

Sinus
Guest
Posts: 27
Registered: 19 Oct 2012 11:34

Re: Suspicious message on Windows 8.1 startup

#9 Post by Sinus »

On the last restart I noticed that the message has already disappeared! :)

I'll post the fixlog anyway. I'd like to ask you to look through it in case some further intervention is needed. I still have one small problem: sometimes after starting the PC it doesn't connect to my wifi network automatically and I have to connect manually. I'll of course gladly send a contribution towards running this forum.

fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by Es (21-09-2017 15:06:16) Run:1
Running from C:\My downloads
Loaded Profiles: Es (Available Profiles: Es & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type= ... 15ESRBX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type= ... 15ESRBX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-574935564-1413127515-271748262-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: PriceMinus -> {F02B436F-D9F9-44A2-998C-1806FE41268E} -> No File
S2 HPSLPSVC; C:\Users\Es\AppData\Local\Temp\7zS63EC\hpslpsvc64.dll [X] <==== ATTENTION
U3 DfSdkS; no ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 zerqkygg; \??\C:\WINDOWS\system32\drivers\zerqkygg.sys [X]
Startup: C:\Users\Es\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GZdWaOAIIMQaGLPH.cmd.lnk [2016-10-16]
ShortcutTarget: GZdWaOAIIMQaGLPH.cmd.lnk -> C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd (AutoIt Team)
2016-10-16 02:37 - 2016-08-04 02:27 - 000463376 ___SH () C:\Users\Es\AppData\Roaming\SOAChNGJHIJI
2016-10-16 02:37 - 2016-08-04 02:27 - 000936960 ___SH (AutoIt Team) C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd



EmptyTemp:
Reboot:
End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-574935564-1413127515-271748262-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key removed successfully
HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F02B436F-D9F9-44A2-998C-1806FE41268E} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F02B436F-D9F9-44A2-998C-1806FE41268E} => key removed successfully
HKLM\System\CurrentControlSet\Services\HPSLPSVC => key removed successfully
HPSLPSVC => service removed successfully
HKLM\System\CurrentControlSet\Services\DfSdkS => key removed successfully
DfSdkS => service removed successfully
HKLM\System\CurrentControlSet\Services\esgiguard => key removed successfully
esgiguard => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => key removed successfully
MBAMSwissArmy => service removed successfully
HKLM\System\CurrentControlSet\Services\zerqkygg => key removed successfully
zerqkygg => service removed successfully
C:\Users\Es\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GZdWaOAIIMQaGLPH.cmd.lnk => moved successfully
C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd => moved successfully
C:\Users\Es\AppData\Roaming\SOAChNGJHIJI => moved successfully
"C:\Users\Es\AppData\Roaming\SRaSaBhYUNIYIKIPQKOcP.cmd" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 51283363 B
Java, Flash, Steam htmlcache => 575 B
Windows/system/drivers => 987784 B
Edge => 0 B
Chrome => 0 B
Firefox => 20656413 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 199630 B
systemprofile32 => 128 B
LocalService => 816 B
NetworkService => 0 B
Es => 33682098 B
Administrator => 6242 B

RecycleBin => 87090 B
EmptyTemp: => 110 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:06:29 ====

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Suspicious message on Windows 8.1 startup

#10 Post by JaRon »

The computer is nicely cleaned up :)
As for the wifi, you can reinstall the driver
and reconfigure the network, or ignore it if it is only occasional

Sinus
Guest
Posts: 27
Registered: 19 Oct 2012 11:34

Re: Suspicious message on Windows 8.1 startup

#11 Post by Sinus »

Thanks a lot.
It's a great feeling to see that there are people who are glad to help with problems.
....and I'll send something, as I promised. ;)

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Suspicious message on Windows 8.1 startup

#12 Post by JaRon »

Glad I could help
... and thank you :thumbsup:

Locked