
Preventive check

You have no problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

JujuBrasil
Visitor
Posts: 16
Registered: 13 Jul 2015 12:59

#1 Post by JujuBrasil »

Hello,

I would like to ask for a preventive check. Thank you very much.


Logfile of random's system information tool 1.10 (written by random/random)
Run by micha at 2018-02-24 22:23:05
Microsoft Windows 10 Home
System drive C: has 89 GB (38%) free of 232 GB
Total RAM: 8027 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:23:06, on 24/02/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0098)
Boot mode: Normal

Running processes:
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\micha\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe
C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\micha\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\Program Files (x86)\RescueTime\RescueTime.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\micha\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\micha\AppData\Roaming\ACEStream\updater\ace_update.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Cold Turkey\CTMsgHostFirefox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
C:\Program Files (x86)\Evernote\Evernote\EvernotePlayer.exe
C:\Program Files\trend micro\micha.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell15.msn.com/?pc=DCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hsp ... 0120__yaie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\micha\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKCU\..\Run: [AceStream] C:\Users\micha\AppData\Roaming\ACEStream\engine\ace_engine.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Global Startup: RescueTime.lnk = C:\Program Files (x86)\RescueTime\RescueTime.exe
O8 - Extra context menu item: Capturar esta página - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Capturar favorito - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Capturar imagem - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Nova nota - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.hola.org
O15 - Trusted Zone: http://*.webcompanion.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uvt.nl
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = uvt.nl
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\IntelCpHDCPSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
O23 - Service: Dell SupportAssist Remediation - Dell - C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Dock Update Service (DellDockUpdate) - Unknown owner - C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem34.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem4.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) WiDi Software Asset Manager (Intel(R) WiDi SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MySQL57 - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Power_a17007 - Unknown owner - C:\Program Files\Cold Turkey\\ServiceHub.Power.exe
O23 - Service: Product Registration - Dell - C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Thunderbolt(TM) Service (ThunderboltService) - Intel Corporation - c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 16724 bytes

======Listing Processes======







winlogon.exe


c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-a5d1b7f0-b250-4f8d-b8da-77d086dc4816 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-58e7477c-cfef-4c60-b108-40a99382a1f2 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-97c66b13-7f03-425c-9aa1-24d1f7a7a07c -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-e2ce28a3-9171-497f-816d-02358de4af89 -LifetimeId:6654dc5d-24f2-4177-881b-256e3eea5433 -DeviceGroupId:
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5f8d20fd-e474-4290-a414-42ab704aaeec -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-8c0fd057-0544-47bf-a117-85c04b02e534 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-df7c7d84-2794-497c-9ec2-170927d6a60b -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-71b94c25-51bc-4bd7-88a3-f85565f18b6e -LifetimeId:7243f670-0dda-48b6-bdf4-62d850b48ab0 -DeviceGroupId:WpdFsGroup
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection

"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\SysWOW64\esif_uf.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\ibtsiva
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k networkservice -s TermService
"C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\Cold Turkey\\ServiceHub.Power.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.7\my.ini" MySQL57
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
"C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe"

"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
"C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe"
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"ctfmon.exe"
"C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxEM.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\Explorer.EXE
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Program Files\Cold Turkey\\Cold Turkey Blocker.exe" tray
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\WINDOWS\SysWOW64\rundll32.exe --eoim
C:\WINDOWS\SysWOW64\rundll32.exe --enable-speech-input --auto-scan-plugin --lang=pt-BR --enable-media-stream --no-sandbox
C:\WINDOWS\SysWOW64\rundll32.exe --type=gpu-process --no-sandbox --lang=pt-BR --log-file="C:\Users\micha\AppData\Local\Temp\debug.log" --log-severity=disable --gpu-vendor-id=0x8086 --gpu-device-id=0x1916 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=21.20.16.4664 --gpu-driver-date=4-21-2017 --lang=pt-BR --log-file="C:\Users\micha\AppData\Local\Temp\debug.log" --log-severity=disable --service-request-channel-token=550596E732FF6C091E74C9843A8201E2 --mojo-platform-channel-handle=1424 /prefetch:2
C:\WINDOWS\SysWOW64\rundll32.exe --type=renderer --no-sandbox --service-pipe-token=C2BF5BF22749EC8F5064110B917D7563 --lang=pt-BR --lang=pt-BR --log-file="C:\Users\micha\AppData\Local\Temp\debug.log" --log-severity=disable --enable-speech-input --enable-pinch --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=C2BF5BF22749EC8F5064110B917D7563 --renderer-client-id=3 --mojo-platform-channel-handle=2052 /prefetch:1
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
AvastUI.exe /nogui
"C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
"C:\Users\micha\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
"C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe"
"C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe" --autostart
"C:\Users\micha\AppData\Roaming\ACEStream\engine\ace_engine.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\RescueTime\RescueTime.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --capture-python --no-upload-gzip --no-rate-limit --database=C:\Users\micha\AppData\Local\Dropbox\Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f 
--https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=buildno=Dropbox-win-43.4.50 --annotation=client_session_id=770350a2-ce1b-481e-91d2-044d587c8365 --annotation=host_int_account1_boot=6215475415 --annotation=machine_id=fe31f814-2334-4dfb-8ba7-4fa18a700f0d --annotation=platform=win --annotation=platform_version=10 --initial-client-data=0x1f0,0x200,0x204,0x1fc,0x208,0x59b88db8,0x59b88dc8,0x59b88dd8
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:770350a2-ce1b-481e-91d2-044d587c8365 -target-handle:508 -target-shutdown-event:520 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -method:collectupload -handler-pipe:\\.\pipe\crashpad_12064_KVYJMCQZVILZBPPX
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Users\micha\AppData\Roaming\ACEStream\engine\ace_engine.exe --js-player
c:\windows\system32\svchost.exe -k netsvcs -p -s BDESVC
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
C:\Users\micha\AppData\Roaming\ACEStream\engine\..\updater\ace_update.exe
"C:\Program Files (x86)\Dell Customer Connect\DCCService.exe"
"C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe"
"C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\WINDOWS\TEMP\ose00000.exe" -standalone
"C:\Program Files (x86)\Dell Update\DellUpService.exe"
C:\WINDOWS\System32\svchost.exe -k smphost
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
/x /hideintroballoon /launchedbywindowsservice
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Dell\Dell Product Registration\PRSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.0.190152140\165575341" -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" "C:\Users\micha\AppData\LocalLow\Mozilla\Temp-{552ff3de-7e84-4d22-b5f9-584103b12b3e}" 4844 "\\.\pipe\gecko-crash-server-pipe.4844" gpu
"C:\Program Files\Cold Turkey\CTMsgHostFirefox.exe" "C:\Program Files\Cold Turkey\CTMsgHostFirefox.json" coldturkey@getcoldturkey.com
\??\C:\WINDOWS\system32\conhost.exe 0x4
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=renderer --disable-gpu-compositing --disable-pinch --no-sandbox --primordial-pipe-token=09B09029F100155D287D5496DA2FF60F --lang=en-US --lang=en-US --log-file="C:\Users\micha\AppData\Roaming\AVAST Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.3.2987.1601 Safari/537.36 Avastium (18.1.2326)" --proxy-auto-detect --disable-webaudio --mute-audio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=09B09029F100155D287D5496DA2FF60F --renderer-client-id=2 --mojo-platform-channel-handle=4648 /prefetch:1
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
"C:\Program Files (x86)\Evernote\Evernote\Evernote.exe"
EvernoteSubprocess.exe --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\micha\Evernote\Logs\cef.log" --log-severity=disable --product-version="Evernote Windows/306387 (en-US, DDL); Windows/10.0.0 (Win64);" --gpu-vendor-id=0x8086 --gpu-device-id=0x1916 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=21.20.16.4664 --gpu-driver-date=4-21-2017 --lang=en-US --log-file="C:\Users\micha\Evernote\Logs\cef.log" --log-severity=disable --product-version="Evernote Windows/306387 (en-US, DDL); Windows/10.0.0 (Win64);" --service-request-channel-token=4508CDFF3BD9E7ED1FB1EC87B522A90A --mojo-platform-channel-handle=1508 /prefetch:2
"C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe"
EvernoteSubprocess.exe --type=renderer --no-sandbox --service-pipe-token=C577CB858E6189A1B3862D64EA09489B --lang=en-US --lang=en-US --log-file="C:\Users\micha\Evernote\Logs\cef.log" --log-severity=disable --product-version="Evernote Windows/306387 (en-US, DDL); Windows/10.0.0 (Win64);" --enable-pinch --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=C577CB858E6189A1B3862D64EA09489B --renderer-client-id=6 --mojo-platform-channel-handle=3520 /prefetch:1
EvernoteSubprocess.exe --type=renderer --no-sandbox --service-pipe-token=297C37F6932D8446957669776C844000 --lang=en-US --lang=en-US --log-file="C:\Users\micha\Evernote\Logs\cef.log" --log-severity=disable --product-version="Evernote Windows/306387 (en-US, DDL); Windows/10.0.0 (Win64);" --enable-pinch --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=297C37F6932D8446957669776C844000 --renderer-client-id=7 --mojo-platform-channel-handle=3380 /prefetch:1
"C:\Program Files (x86)\Evernote\Evernote\EvernotePlayer.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\WLANExt.exe 1494475063392
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\WINDOWS\system32\AUDIODG.EXE 0x510
C:\WINDOWS\servicing\TrustedInstaller.exe
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 720 724 732 8192 728
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
"C:\Users\micha\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\9uvb9oc6.default-1515431061176

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.161 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.161 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\9uvb9oc6.default-1515431061176\searchplugins\
yahoo-lavasoft.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-12 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-12-13 391904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-12 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2016-05-25 8822528]
"RtHDVBg_MAXX6"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-05-25 1429248]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2015-07-25 36352]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-02-24 243496]
"WavesSvc"=C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [2015-12-22 718256]
"AdobeGCInvoker-1.0"=C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05 315880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\micha\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-02-15 1558688]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-02-07 10290608]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2018-01-29 41100328]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2016-12-22 4701888]
"MySQL Notifier"=C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [2016-07-29 754176]
"Spotify Web Helper"=C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-11-12 777840]
"AceStream"=C:\Users\micha\AppData\Roaming\ACEStream\engine\ace_engine.exe [2017-10-04 27992]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2015-09-04 136992]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2018-02-08 3567936]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
RescueTime.lnk - C:\Program Files (x86)\RescueTime\RescueTime.exe

C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-02-24 20:40:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2018-02-23 12:01:43 ----D---- C:\ProgramData\Cold Turkey
2018-02-14 19:43:39 ----D---- C:\Program Files (x86)\Ubisoft
2018-02-14 18:53:10 ----D---- C:\ProgramData\TmForever
2018-02-14 18:53:07 ----A---- C:\WINDOWS\SYSWOW64\xinput1_1.dll
2018-02-14 18:53:07 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_2.dll
2018-02-14 18:53:07 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_1.dll
2018-02-14 18:53:07 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2018-02-14 18:53:07 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2018-02-14 18:53:07 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2018-02-14 18:53:06 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_30.dll
2018-02-14 18:53:06 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_0.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\SYSWOW64\x3daudio1_0.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_29.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_28.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_27.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_26.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2018-02-14 18:53:05 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2018-02-14 18:53:04 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_25.dll
2018-02-14 18:53:04 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_24.dll
2018-02-14 18:53:04 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2018-02-14 18:53:04 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2018-02-14 00:32:58 ----D---- C:\Program Files\Common Files\Intel
2018-02-14 00:32:57 ----D---- C:\Program Files (x86)\Cisco
2018-02-08 21:10:38 ----A---- C:\WINDOWS\system32\drivers\dbx-stable.sys
2018-02-08 21:10:38 ----A---- C:\WINDOWS\system32\drivers\dbx-dev.sys
2018-02-08 21:10:38 ----A---- C:\WINDOWS\system32\drivers\dbx-canary.sys
2018-02-08 21:10:38 ----A---- C:\WINDOWS\system32\DbxSvc.exe

======List of files/folders modified in the last 1 month======

2018-02-24 22:23:06 ----D---- C:\Program Files\trend micro
2018-02-24 22:22:54 ----D---- C:\WINDOWS\Temp
2018-02-24 22:17:02 ----D---- C:\WINDOWS\Prefetch
2018-02-24 22:16:48 ----D---- C:\WINDOWS\INF
2018-02-24 22:12:57 ----D---- C:\WINDOWS\System32
2018-02-24 22:12:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-24 22:10:49 ----D---- C:\Users\micha\AppData\Roaming\DAEMON Tools Lite
2018-02-24 22:10:42 ----D---- C:\WINDOWS\Minidump
2018-02-24 22:10:42 ----D---- C:\Windows
2018-02-24 22:10:40 ----D---- C:\WINDOWS\system32\sru
2018-02-24 22:09:59 ----HD---- C:\ProgramData
2018-02-24 22:09:54 ----SHD---- C:\WINDOWS\Installer
2018-02-24 22:09:52 ----RD---- C:\Program Files (x86)
2018-02-24 22:09:41 ----SHD---- C:\System Volume Information
2018-02-24 22:09:35 ----HD---- C:\Program Files\WindowsApps
2018-02-24 22:09:33 ----D---- C:\WINDOWS\AppReadiness
2018-02-24 22:09:07 ----RD---- C:\Program Files
2018-02-24 22:09:07 ----AD---- C:\Program Files\Microsoft Office
2018-02-24 22:08:40 ----D---- C:\Program Files\Common Files\microsoft shared
2018-02-24 22:08:39 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-02-24 22:08:38 ----RD---- C:\WINDOWS\Microsoft.NET
2018-02-24 22:08:33 ----RSD---- C:\WINDOWS\assembly
2018-02-24 22:08:13 ----D---- C:\Program Files\Common Files
2018-02-24 22:06:34 ----D---- C:\Users\micha\AppData\Roaming\.ACEStream
2018-02-24 22:05:25 ----D---- C:\WINDOWS\system32\catroot2
2018-02-24 21:28:20 ----D---- C:\WINDOWS\system32\config
2018-02-24 21:23:42 ----D---- C:\WINDOWS\CbsTemp
2018-02-24 21:20:57 ----D---- C:\WINDOWS\DeliveryOptimization
2018-02-24 21:16:03 ----D---- C:\WINDOWS\system32\drivers
2018-02-24 21:15:30 ----D---- C:\WINDOWS\WinSxS
2018-02-24 20:43:32 ----D---- C:\WINDOWS\Logs
2018-02-24 20:40:44 ----D---- C:\WINDOWS\system32\Tasks
2018-02-24 09:23:31 ----D---- C:\WINDOWS\system32\SleepStudy
2018-02-24 00:53:47 ----D---- C:\Users\micha\AppData\Roaming\deluge
2018-02-23 12:01:49 ----AD---- C:\Program Files\Cold Turkey
2018-02-21 18:10:33 ----D---- C:\WINDOWS\system32\LogFiles
2018-02-19 22:58:22 ----D---- C:\WINDOWS\system32\DriverStore
2018-02-19 00:14:48 ----D---- C:\WINDOWS\SysWOW64
2018-02-18 19:45:56 ----AD---- C:\Program Files (x86)\RescueTime
2018-02-17 18:03:05 ----HD---- C:\_acestream_cache_
2018-02-17 03:47:51 ----D---- C:\WINDOWS\rescache
2018-02-14 19:43:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-02-14 18:53:29 ----D---- C:\WINDOWS\SYSWOW64\pt-BR
2018-02-14 18:53:28 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-02-14 18:53:28 ----D---- C:\WINDOWS\system32\pt-BR
2018-02-14 18:53:28 ----D---- C:\WINDOWS\system32\cs-CZ
2018-02-14 18:53:27 ----A---- C:\WINDOWS\SYSWOW64\dpnsvr.exe
2018-02-14 18:53:27 ----A---- C:\WINDOWS\SYSWOW64\dpnlobby.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\SYSWOW64\dpnhupnp.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\SYSWOW64\dpnhpast.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\SYSWOW64\dpnet.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\SYSWOW64\dpnathlp.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\SYSWOW64\dpnaddr.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\SYSWOW64\dpmodemx.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\SYSWOW64\dplaysvr.exe
2018-02-14 18:53:27 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2018-02-14 18:53:27 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\system32\dpnet.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\system32\dpnathlp.dll
2018-02-14 18:53:27 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2018-02-14 18:53:26 ----A---- C:\WINDOWS\SYSWOW64\dpwsockx.dll
2018-02-14 18:53:26 ----A---- C:\WINDOWS\SYSWOW64\dplayx.dll
2018-02-14 18:41:40 ----SD---- C:\ProgramData\Microsoft
2018-02-14 00:54:06 ----D---- C:\Users\micha\AppData\Roaming\Anki2
2018-02-14 00:45:58 ----D---- C:\Program Files (x86)\Adobe
2018-02-14 00:33:45 ----D---- C:\ProgramData\Package Cache
2018-02-14 00:33:45 ----D---- C:\Intel
2018-02-14 00:33:08 ----D---- C:\ProgramData\Intel
2018-02-14 00:32:57 ----D---- C:\Program Files (x86)\Intel
2018-02-14 00:31:48 ----AD---- C:\Program Files\WinRAR
2018-02-14 00:31:38 ----D---- C:\Program Files\Intel
2018-02-14 00:27:59 ----SD---- C:\Users\micha\AppData\Roaming\Microsoft
2018-02-14 00:16:37 ----D---- C:\WINDOWS\debug
2018-02-14 00:13:28 ----D---- C:\Program Files (x86)\GRETECH
2018-02-14 00:02:39 ----D---- C:\ProgramData\Adobe
2018-02-14 00:02:31 ----RSD---- C:\WINDOWS\Fonts
2018-02-13 23:05:40 ----D---- C:\WINDOWS\system32\MRT
2018-02-13 23:02:44 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-13 23:02:41 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-02-13 23:00:49 ----D---- C:\Users\micha\AppData\Roaming\Hola
2018-02-13 22:45:25 ----D---- C:\Users\micha\AppData\Roaming\Adobe
2018-02-13 14:23:19 ----D---- C:\Program Files (x86)\Microsoft.NET
2018-02-13 14:11:30 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-13 14:11:30 ----AD---- C:\Program Files\Mozilla Firefox
2018-02-13 14:06:34 ----AD---- C:\Program Files (x86)\Microsoft Office
2018-02-13 14:05:40 ----D---- C:\Program Files (x86)\Common Files
2018-02-12 20:08:43 ----D---- C:\Users\micha\AppData\Roaming\Skype
2018-02-11 18:18:12 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-02-09 02:34:48 ----D---- C:\Program Files (x86)\Dropbox
2018-02-07 02:38:44 ----D---- C:\WINDOWS\system32\Macromed
2018-02-07 02:38:43 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2018-02-01 13:16:30 ----D---- C:\WINDOWS\system32\WDI
2018-01-30 23:03:01 ----D---- C:\WINDOWS\SoftwareDistribution
2018-01-30 22:56:24 ----D---- C:\WINDOWS\LiveKernelReports
2018-01-25 22:27:51 ----D---- C:\Users\micha\AppData\Roaming\ACEStream

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2018-01-05 199448]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2018-01-05 343768]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2018-01-05 57696]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2018-02-24 84368]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2018-02-24 379448]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2015-07-25 1455552]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2018-02-24 192944]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2018-01-05 321512]
R1 aswHdsKe;aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [2018-02-24 190440]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2017-09-11 41832]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2018-02-24 110328]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2018-02-24 1026696]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2018-02-24 459952]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-01-10 59800]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2017-09-29 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-09-29 8192]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2018-02-24 146648]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2018-02-24 205464]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2017-09-29 384000]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2017-09-29 43520]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\system32\DRIVERS\BTHUSB.sys [2017-09-29 85504]
R3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-09-29 39424]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
R3 dptf_acpi;dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [2015-10-30 55784]
R3 dptf_cpu;dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-10-30 52200]
R3 dtlitescsibus;@oem22.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2017-01-03 30264]
R3 esif_lf;esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [2015-10-30 260072]
R3 HidEventFilter;@oem42.inf,%HidEventFilter%;Intel(R) HID Event Filter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [2015-06-10 43512]
R3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
R3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-09-29 171520]
R3 ibtusb;@oem4.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-04-14 129032]
R3 igfx;igfx; C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igdkmd64.sys [2017-06-03 11073480]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2016-05-25 5085952]
R3 IntcDAud;@oem28.inf,%IntcAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2017-03-27 820752]
R3 MEIx64;@oem30.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2015-08-31 185088]
R3 Netwtw06;@oem47.inf,%NIC_Service_DispName_WINT_64%;Ovladač adaptéru Intel(R) Wireless pro systém Windows 10 64 Bit; C:\WINDOWS\system32\DRIVERS\Netwtw06.sys [2017-11-22 7737344]
R3 RTSPER;@oem15.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [2015-05-29 752856]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-09-29 123800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-09-29 103320]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2017-09-29 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2017-09-29 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2018-02-24 46968]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\system32\DRIVERS\BTHport.sys [2018-01-10 1015296]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2017-09-29 122368]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 dg_ssudbus;@oem44.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-09-29 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-09-29 50584]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-09-29 73112]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2017-09-29 91648]
S3 iaLPSS2_SPI;Intel(R) Serial IO SPI Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [2015-06-17 152360]
S3 iaLPSS2_UART2;Intel(R) Serial IO UART Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [2015-06-17 281896]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2017-09-29 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-09-29 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-09-29 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2017-09-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit; C:\WINDOWS\System32\drivers\Netwtw04.sys [2017-09-29 7689728]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2017-09-29 936856]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-01-17 83984]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2018-01-05 2319848]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-02-24 300600]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CDPUserSvc_418f8;Uživatelská služba platformy připojených zařízení_418f8; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2018-02-08 51024]
R2 Dell Customer Connect;Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2017-09-19 130936]
R2 Dell SupportAssist Remediation;Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [2017-10-13 122400]
R2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-06-23 238320]
R2 DellDockUpdate;Dell Dock Update Service; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [2017-01-10 125808]
R2 DellUpdate;Dell Update Service; C:\Program Files (x86)\Dell Update\DellUpService.exe [2017-11-21 232320]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 esifsvc;@oem34.inf,%ServiceDisplayName%;ESIF Upper Framework Service; C:\WINDOWS\SysWOW64\esif_uf.exe [2015-10-30 1392792]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2017-10-24 644776]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-07-22 18856]
R2 ibtsiva;@oem4.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxCUIService.exe [2017-06-03 324608]
R2 IntelUSBoverIP;IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [2015-07-06 396992]
R2 isaHelperSvc;Intel(R) Security Assist Helper; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-05-19 7680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-09-04 207648]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2015-09-04 415520]
R2 MySQL57;MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [2016-11-28 39918080]
R2 OneSyncSvc_418f8;Hostitel synchronizace_418f8; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 Power_a17007;Power_a17007; C:\Program Files\Cold Turkey\\ServiceHub.Power.exe [2018-01-24 31944]
R2 Product Registration;Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [2017-04-06 47144]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2017-10-24 159912]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-05-25 312576]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-01-10 519152]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-02-24 7564512]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2016-12-22 1471168]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-01-10 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 PimIndexMaintenanceSvc_418f8;Data kontaktů_418f8; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-12 143144]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-26 153752]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-07-18 317408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07 272384]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\IntelCpHeciSvc.exe [2017-06-03 285696]
S3 cplspcon;Intel(R) Content Protection HDCP Service; C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\IntelCpHDCPSvc.exe [2017-06-03 462848]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-12 143144]
S3 dcpm-notify;Dell Command | Power Manager Notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [2015-06-10 85216]
S3 Dell.CommandPowerManager.Service;Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe [2017-09-29 20888]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc_418f8;Tok zařízení_418f8; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-09-29 85504]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-26 153752]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-05-22 881152]
S3 Intel(R) Security Assist;Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-05-19 335872]
S3 Intel(R) WiDi SAM;Intel(R) WiDi Software Asset Manager; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-16 19088]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService_418f8;Služba zasílání zpráv_418f8; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-02-13 194512]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2017-10-24 268968]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc_418f8;PrintWorkflow_418f8; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2017-09-29 1288704]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check

#2 Post by Conder »

Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan (Skenovanie) and wait for it to finish
  • Click Clean (Cistenie) and confirm by clicking OK
  • AdwCleaner will ask to restart the PC; confirm by clicking Restart Now (Restartovat teraz)
  • After the PC has finished and restarted, a log will pop up; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

JujuBrasil
Visitor
Posts: 16
Registered: 13 Jul 2015 12:59

Re: Preventive check

#3 Post by JujuBrasil »

# AdwCleaner 7.0.8.0 - Logfile created on Sat Feb 24 22:31:17 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files\Hola
Deleted: C:\Users\micha\AppData\Roaming\Hola
Deleted: C:\Users\micha\AppData\Roaming\acestream
Deleted: C:\Users\micha\AppData\LocalLow\.acestream
Deleted: C:\Users\micha\AppData\Roaming\.acestream
Deleted: C:\_acestream_cache_
Deleted: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
Deleted: C:\ProgramData\Application Data\lavasoft\web companion
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

Deleted: C:\END
Deleted: C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\9uvb9oc6.default-1515431061176\searchplugins\yahoo-lavasoft.xml
Deleted: C:\Program Files\\MOZILLA FIREFOX\DSENGINE.CFG
Deleted: C:\Program Files\\MOZILLA FIREFOX\DEFAULTS\PREF\DSENGINE.JS


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{0354157D-D213-45BF-B9E0-6E0CC384C8EC}C:\users\micha\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E7E3D326-78B0-4683-818A-917726F21518}C:\users\micha\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Key] - HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\AceStream
Deleted: [Key] - HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Deleted: [Key] - HKCU\Software\AceStream
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Deleted: [Key] - HKLM\SOFTWARE\Hola
Deleted: [Key] - HKU\.DEFAULT\Software\Hola
Deleted: [Key] - HKU\S-1-5-18\Software\Hola
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Deleted: [Value] - HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|hola
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Deleted: [Key] - HKCU\SOFTWARE\Classes\Applications\ace_player.exe
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Deleted: [Key] - HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Deleted: [Key] - HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKCU\Software\Classes\Applications\ace_player.exe
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted: [Key] - HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Value] - HKCU\Software\RegisteredApplications|AceStream


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1345 B] - [2017/6/9 17:20:55]
C:/AdwCleaner/AdwCleaner[S0].txt - [1545 B] - [2017/6/9 17:20:24]
C:/AdwCleaner/AdwCleaner[S1].txt - [6245 B] - [2018/2/24 22:29:30]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check

#4 Post by Conder »

:arrow: Please post both FRST logs following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use FRST on its own.

:arrow: If the logs do not fit in one post, pack them into a RAR or ZIP archive and send them as an attachment.

JujuBrasil
Visitor
Posts: 16
Registered: 13 Jul 2015 12:59

Re: Preventive check

#5 Post by JujuBrasil »

see attachment
Attachments
FRST.rar
(24.05 KiB) Downloaded 84 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check

#6 Post by Conder »

:arrow: An outdated version of Java (Java 8 Update 121) is installed on the PC. Uninstall it or update it to the current version (Java 8 Update 161) - https://java.com/en/download/

:arrow: Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    File: C:\B42A54C7D006
    CMD: type "C:\B42A54C7D006"
    
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
    HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10315__180120__yaie
    SearchScopes: HKU\S-1-5-21-435010139-1116817143-633309206-1001 -> DefaultScope {1D0FC58A-4C82-45E5-A15E-97637BECBC99} URL = 
    SearchScopes: HKU\S-1-5-21-435010139-1116817143-633309206-1001 -> {1D0FC58A-4C82-45E5-A15E-97637BECBC99} URL = 
    SearchScopes: HKU\S-1-5-21-435010139-1116817143-633309206-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10315__180120__yaie&p={searchTerms}
    FF NewTab: Mozilla\Firefox\Profiles\9uvb9oc6.default-1515431061176 -> hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10315__180120__yaff
    FF Session Restore: Mozilla\Firefox\Profiles\9uvb9oc6.default-1515431061176 -> is enabled.
    FF HKU\S-1-5-21-435010139-1116817143-633309206-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\micha\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin HKU\S-1-5-21-435010139-1116817143-633309206-1001: @acestream.net/acestreamplugin,version=3.1.20.4 -> C:\Users\micha\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
    2018-02-13 22:45 - 2018-02-13 22:45 - 000000040 ____H C:\B42A54C7D006
    2018-02-24 23:31 - 2018-01-20 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {7005E0BB-38C3-4D40-AEAA-078305B70ED1} - System32\Tasks\AutoPico Daily Restart => C:\Users\micha\Downloads\KMSpico [Argument = 10.1.8 FINAL + Portable (Office a Windows 10 Aktivator)\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\AutoPico.exe /silent]
    Task: {8F1E5B24-99BB-47C3-B7E4-CCBDCA7AF5E8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
    Task: {F19E1004-B031-4250-BAC5-828AF375974D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-435010139-1116817143-633309206-1001\...\localhost -> localhost
    C:\Users\micha\Downloads\KMSpico [Argument = 10.1.8 FINAL + Portable (Office a Windows 10 Aktivator)
    C:\WINDOWS\AutoKMS
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here

JujuBrasil
Visitor
Posts: 16
Registered: 13 Jul 2015 12:59

Re: Preventive check

#7 Post by JujuBrasil »

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by micha (25-02-2018 00:36:51) Run:2
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

File: C:\B42A54C7D006
CMD: type "C:\B42A54C7D006"

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10315__180120__yaie
SearchScopes: HKU\S-1-5-21-435010139-1116817143-633309206-1001 -> DefaultScope {1D0FC58A-4C82-45E5-A15E-97637BECBC99} URL =
SearchScopes: HKU\S-1-5-21-435010139-1116817143-633309206-1001 -> {1D0FC58A-4C82-45E5-A15E-97637BECBC99} URL =
SearchScopes: HKU\S-1-5-21-435010139-1116817143-633309206-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10315__180120__yaie&p={searchTerms}
FF NewTab: Mozilla\Firefox\Profiles\9uvb9oc6.default-1515431061176 -> hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10315__180120__yaff
FF Session Restore: Mozilla\Firefox\Profiles\9uvb9oc6.default-1515431061176 -> is enabled.
FF HKU\S-1-5-21-435010139-1116817143-633309206-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\micha\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin HKU\S-1-5-21-435010139-1116817143-633309206-1001: @acestream.net/acestreamplugin,version=3.1.20.4 -> C:\Users\micha\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
2018-02-13 22:45 - 2018-02-13 22:45 - 000000040 ____H C:\B42A54C7D006
2018-02-24 23:31 - 2018-01-20 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {7005E0BB-38C3-4D40-AEAA-078305B70ED1} - System32\Tasks\AutoPico Daily Restart => C:\Users\micha\Downloads\KMSpico [Argument = 10.1.8 FINAL + Portable (Office a Windows 10 Aktivator)\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]\Portable\AutoPico.exe /silent]
Task: {8F1E5B24-99BB-47C3-B7E4-CCBDCA7AF5E8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {F19E1004-B031-4250-BAC5-828AF375974D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-435010139-1116817143-633309206-1001\...\localhost -> localhost
C:\Users\micha\Downloads\KMSpico [Argument = 10.1.8 FINAL + Portable (Office a Windows 10 Aktivator)
C:\WINDOWS\AutoKMS

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= File: C:\B42A54C7D006 ========================

C:\B42A54C7D006
File not signed
MD5: 97C80922CA54BBB8FD284FB25E54AA4C
Creation and modification date: 2018-02-13 22:45 - 2018-02-13 22:45
Size: 000000040
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========= type "C:\B42A54C7D006" =========

F795E700816F9D97BA7067485E7C43DE6067A3D2
========= End of CMD: =========

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-435010139-1116817143-633309206-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-435010139-1116817143-633309206-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D0FC58A-4C82-45E5-A15E-97637BECBC99}" => removed successfully
HKLM\Software\Classes\CLSID\{1D0FC58A-4C82-45E5-A15E-97637BECBC99} => key not found
"HKU\S-1-5-21-435010139-1116817143-633309206-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => removed successfully
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found
"Firefox newtab" => removed successfully
"Firefox Session Restore" => removed successfully
"HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org" => removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => removed successfully
"HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.20.4" => removed successfully
"C:\Users\micha\AppData\Roaming\ACEStream\player\npace_plugin.dll" => not found
C:\B42A54C7D006 => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7005E0BB-38C3-4D40-AEAA-078305B70ED1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7005E0BB-38C3-4D40-AEAA-078305B70ED1}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8F1E5B24-99BB-47C3-B7E4-CCBDCA7AF5E8} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F1E5B24-99BB-47C3-B7E4-CCBDCA7AF5E8} => could not remove key. ErrorCode1: 0x00000002
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F19E1004-B031-4250-BAC5-828AF375974D} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F19E1004-B031-4250-BAC5-828AF375974D} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove key. ErrorCode1: 0x00000001
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => removed successfully
"HKU\S-1-5-21-435010139-1116817143-633309206-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully
"C:\Users\micha\Downloads\KMSpico [Argument = 10.1.8 FINAL + Portable (Office a Windows 10 Aktivator)" => not found
C:\WINDOWS\AutoKMS => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25414155 B
Java, Flash, Steam htmlcache => 1216 B
Windows/system/drivers => 2323858 B
Edge => 12288 B
Chrome => 383066 B
Firefox => 395275960 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 818 B
NetworkService => 0 B
micha => 79773521 B

RecycleBin => 0 B
EmptyTemp: => 487.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-02-2018 00:39:28)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8F1E5B24-99BB-47C3-B7E4-CCBDCA7AF5E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F1E5B24-99BB-47C3-B7E4-CCBDCA7AF5E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F19E1004-B031-4250-BAC5-828AF375974D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F19E1004-B031-4250-BAC5-828AF375974D}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key removed successfully

==== End of Fixlog 00:39:28 ====
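
The Fixlog above shows several TaskCache keys that first report "could not remove key" and are listed as removed only in the post-reboot section. As an added example (not part of the original posts and not FRST's own code), this Python script reads a Fixlog in that layout and returns every target whose last recorded outcome is still a failure. The sample log is constructed with placeholder paths and a placeholder GUID, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the Fixlog layout shown above; paths and GUID are placeholders.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleTask => C:\Example\task.exe
*****************
C:\WINDOWS\System32\Tasks\ExampleTask => moved successfully
HKLM\SOFTWARE\Example\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Example\TaskCache\Tree\ExampleTask => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Example\TaskCache\Tree\Other => could not remove key. ErrorCode1: 0x00000001
"C:\Users\example\Downloads\Tool" => not found
Result of scheduled keys to remove after reboot:
"HKLM\SOFTWARE\Example\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001}" => removed successfully
HKLM\SOFTWARE\Example\TaskCache\Tree\ExampleTask => key removed successfully
'''

SUCCESS = re.compile(r"(removed|moved|restored) successfully$")

def parse_fixlog(text):
    """Yield (target, result) for each outcome line, skipping the echoed fixlist."""
    in_echo = False  # the fixlist is echoed between two rows of asterisks
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:
            in_echo = not in_echo
        elif not in_echo and " => " in line:
            target, result = line.rsplit(" => ", 1)
            yield target.strip('"').lower(), result

def classify(result):
    if SUCCESS.search(result):
        return "ok"
    if result.startswith("could not"):
        return "failed"
    return "not found" if result.endswith("not found") else "other"

def unresolved(text):
    """Targets whose last recorded outcome is still a failure, e.g. not fixed after reboot."""
    pending = {}
    for target, result in parse_fixlog(text):
        kind = classify(result)
        if kind == "failed":
            pending[target] = result
        elif kind == "ok":
            pending.pop(target, None)  # a later success clears an earlier failure
    return pending

if __name__ == "__main__":
    print(unresolved(SAMPLE_FIXLOG))
```

Targets are compared case-insensitively and without quotes, because the same key appears unquoted in the first pass and quoted in the post-reboot section.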

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check

#8 Post by Conder »

:arrow: It looks OK now. Has anything changed, or are there any remaining problems?

:arrow: Check the size of the desktop (C:\Users\micha\Desktop). If it is larger than 300 MB, move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. An overly large desktop can slow the system down.