Hi, good day,
a friend asked me for help with her PC. In her browser (she uses Chrome), ad windows keep popping up and unwanted pages open on their own.
Since I'm a layperson, I don't know how to help her; I'm posting the RSIT log below.
Please help, and thank you very much in advance.
Denisa
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by NurAsharaf at 2016-03-17 13:33:42
Microsoft Windows 10 Home
System drive C: has 347 GB (77%) free of 454 GB
Total RAM: 4018 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:33:48, on 17.03.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
Boot mode: Normal
Running processes:
C:\WINDOWS\TEMP\DPTF\esif_assist.exe
C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe
c:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Foxit PhantomPDF\FoxitPhantomPDF.exe
C:\Users\NurAsharaf\AppData\Roaming\Foxit Software\Addon\Foxit PhantomPDF\FoxitPhantomPDFUpdater.exe
C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\NurAsharaf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsimple-a.akamaihd.net/?affID=sm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\NurAsharaf\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F9F077D7453585084FB10E784D8FAC39] "C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [OneDrive] "C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem33.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (ibtsiva.exe) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13277 bytes
======Listing Processes======
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-18034534-e852-458b-9acc-532e2f78da85 -SystemEventPortName:HostProcess-35179dd2-4d39-4d30-8da2-073a8d906fc0 -IoCancelEventPortName:HostProcess-a17574ae-2ba0-421b-82d9-7377f314c987 -NonStateChangingEventPortName:HostProcess-4f81427d-fb2c-4c3c-8b90-6c57a02c4d44 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:99f71476-0115-418c-a8f2-3389289928c8 -DeviceGroupId:
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
dashost.exe {3c5194f4-841e-4517-8d1221fc2964bed0}
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\esif_uf.exe
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\diMaster.dll" /prefetch:1
"C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:840
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"dwm.exe"
"C:\WINDOWS\TEMP\DPTF\esif_assist.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
"C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe" /c /a /s UserSession2
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe" /hideui
"C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\Explorer.EXE
igfxEM.exe
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe"
"c:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" /byrunkey
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"fontdrvhost.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\AVAST Software\SecureLine\SecureLine.exe" /nogui
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\WINDOWS\System32\Taskmgr.exe" /2
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
C:\WINDOWS\splwow64.exe 8192
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files (x86)\Foxit PhantomPDF\FoxitPhantomPDF.exe" "C:\Users\NurAsharaf\Desktop\Bakalářka\(International Perspectives on Migration 5) Jenna Hennebry, Margaret Walton-Roberts (auth.), Margaret Walton-Roberts, Jenna Hennebry (eds.)-Territoriality and Migration in the E.U. Neighbourhood_ Spil.pdf"
"C:\Users\NurAsharaf\AppData\Roaming\Foxit Software\Addon\Foxit PhantomPDF\FoxitPhantomPDFUpdater.exe" -updater -type "Auto Updater" -hwnd 329892 -readerpath "C:\Program Files (x86)\Foxit PhantomPDF\" -regpath "HKEY_CURRENT_USER\Software\Foxit Software\Foxit PhantomPDF 7.0" -version "7.0.310.0226"
C:\Windows\System32\LockAppHost.exe -Embedding
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
"c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
"C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe"
C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\NurAsharaf\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=49.0.2623.87 --handshake-handle=0x1bc
"C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="7780.0.1830316161\1726218222" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,16,25,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x1606 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4331 --ignored=" --type=renderer " /prefetch:2
"C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/*AsyncSetAsDefault/Disabled/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_5/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SpdyEnableDependencies/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_73/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_07/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 
--content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="7780.2.1044637250\1856025881" /prefetch:1
"C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/*AsyncSetAsDefault/Disabled/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_5/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*SpdyEnableDependencies/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_73/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_07/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 
--content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="7780.5.1158812340\1272285987" /prefetch:1
"C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="7780.6.2134269589\807325285" --ppapi-flash-args --lang=cs --device-scale-factor=1 --ignored=" --type=renderer " /prefetch:3
taskeng.exe {BA0A1494-1BE2-4E7E-8BC3-C2E2713BAEC8}
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe49_ Global\UsGthrCtrlFltPipeMssGthrPipe49 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 640 644 652 8192 648
"C:\Users\NurAsharaf\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836502101-3771792590-2369348700-1001Core.job - C:\Users\NurAsharaf\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836502101-3771792590-2369348700-1001UA.job - C:\Users\NurAsharaf\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\NurAsharaf\AppData\Roaming\Mozilla\Firefox\Profiles\gmj27lni.default
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon\
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05 1038648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-25 885152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05 794424]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-25 664184]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17 629256]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19 414920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-03-04 8459480]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-18 3945656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\NurAsharaf\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 107848]
"GoogleChromeAutoLaunch_F9F077D7453585084FB10E784D8FAC39"=C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe [2016-03-08 874136]
"OneDrive"=C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-10 551104]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2015-01-30 127624]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2014-12-01 509192]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-12-16 7021880]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-17 09:26:00 ----D---- C:\rsit
2016-03-17 09:26:00 ----D---- C:\Program Files\trend micro
2016-03-14 15:44:30 ----D---- C:\WINDOWS\LastGood
2016-03-10 09:07:50 ----D---- C:\WINDOWS\Minidump
2016-03-08 23:02:15 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-03-08 23:02:13 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-03-08 23:02:09 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-03-08 23:02:08 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-03-08 23:02:06 ----A---- C:\WINDOWS\system32\WSService.dll
2016-03-08 23:02:06 ----A---- C:\WINDOWS\system32\wmp.dll
2016-03-08 23:02:04 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 23:02:02 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-03-08 23:02:01 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2016-03-08 23:02:00 ----A---- C:\WINDOWS\system32\windows.storage.dll
2016-03-08 23:02:00 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-03-08 23:01:59 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-03-08 23:01:58 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2016-03-08 23:01:58 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-03-08 23:01:56 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-03-08 23:01:55 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-03-08 23:01:55 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-03-08 23:01:55 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-08 23:01:54 ----A---- C:\WINDOWS\system32\dosvc.dll
2016-03-08 23:01:54 ----A---- C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-08 23:01:53 ----A---- C:\WINDOWS\SYSWOW64\ActiveSyncProvider.dll
2016-03-08 23:01:52 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2016-03-08 23:01:52 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-03-08 23:01:51 ----A---- C:\WINDOWS\SYSWOW64\Unistore.dll
2016-03-08 23:01:51 ----A---- C:\WINDOWS\system32\WWAHost.exe
2016-03-08 23:01:51 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2016-03-08 23:01:51 ----A---- C:\WINDOWS\system32\KernelBase.dll
2016-03-08 23:01:51 ----A---- C:\WINDOWS\system32\diagtrack.dll
2016-03-08 23:01:51 ----A---- C:\WINDOWS\system32\ContactApis.dll
2016-03-08 23:01:50 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2016-03-08 23:01:50 ----A---- C:\WINDOWS\SYSWOW64\dxgi.dll
2016-03-08 23:01:50 ----A---- C:\WINDOWS\system32\Unistore.dll
2016-03-08 23:01:50 ----A---- C:\WINDOWS\system32\ole32.dll
2016-03-08 23:01:50 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-03-08 23:01:49 ----A---- C:\WINDOWS\SYSWOW64\WMPDMC.exe
2016-03-08 23:01:49 ----A---- C:\WINDOWS\SYSWOW64\SRHInproc.dll
2016-03-08 23:01:49 ----A---- C:\WINDOWS\SYSWOW64\ContactApis.dll
2016-03-08 23:01:49 ----A---- C:\WINDOWS\system32\dxgi.dll
2016-03-08 23:01:48 ----A---- C:\WINDOWS\SYSWOW64\SRH.dll
2016-03-08 23:01:48 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-03-08 23:01:48 ----A---- C:\WINDOWS\SYSWOW64\mfds.dll
2016-03-08 23:01:48 ----A---- C:\WINDOWS\SYSWOW64\AppointmentApis.dll
2016-03-08 23:01:48 ----A---- C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-08 23:01:48 ----A---- C:\WINDOWS\system32\invagent.dll
2016-03-08 23:01:48 ----A---- C:\WINDOWS\system32\AppointmentApis.dll
2016-03-08 23:01:47 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Bluetooth.dll
2016-03-08 23:01:47 ----A---- C:\WINDOWS\SYSWOW64\AppxPackaging.dll
2016-03-08 23:01:47 ----A---- C:\WINDOWS\system32\SRH.dll
2016-03-08 23:01:47 ----A---- C:\WINDOWS\system32\mfds.dll
2016-03-08 23:01:47 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2016-03-08 23:01:47 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2016-03-08 23:01:47 ----A---- C:\WINDOWS\system32\AppxPackaging.dll
2016-03-08 23:01:46 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2016-03-08 23:01:46 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-03-08 23:01:46 ----A---- C:\WINDOWS\SYSWOW64\deviceaccess.dll
2016-03-08 23:01:46 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-03-08 23:01:46 ----A---- C:\WINDOWS\system32\deviceaccess.dll
2016-03-08 23:01:45 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2016-03-08 23:01:45 ----A---- C:\WINDOWS\system32\wer.dll
2016-03-08 23:01:45 ----A---- C:\WINDOWS\system32\mfsvr.dll
2016-03-08 23:01:45 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-08 23:01:44 ----A---- C:\WINDOWS\SYSWOW64\PackageStateRoaming.dll
2016-03-08 23:01:44 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2016-03-08 23:01:44 ----A---- C:\WINDOWS\system32\WMPDMC.exe
2016-03-08 23:01:44 ----A---- C:\WINDOWS\system32\dafBth.dll
2016-03-08 23:01:44 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-08 23:01:43 ----A---- C:\WINDOWS\SYSWOW64\sqmapi.dll
2016-03-08 23:01:43 ----A---- C:\WINDOWS\SYSWOW64\ChatApis.dll
2016-03-08 23:01:43 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2016-03-08 23:01:43 ----A---- C:\WINDOWS\system32\EmailApis.dll
2016-03-08 23:01:43 ----A---- C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-08 23:01:43 ----A---- C:\WINDOWS\system32\atmfd.dll
2016-03-08 23:01:42 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2016-03-08 23:01:42 ----A---- C:\WINDOWS\SYSWOW64\FirewallAPI.dll
2016-03-08 23:01:42 ----A---- C:\WINDOWS\SYSWOW64\AppxAllUserStore.dll
2016-03-08 23:01:42 ----A---- C:\WINDOWS\system32\ChatApis.dll
2016-03-08 23:01:42 ----A---- C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-08 23:01:41 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2016-03-08 23:01:41 ----A---- C:\WINDOWS\SYSWOW64\AppointmentActivation.dll
2016-03-08 23:01:41 ----A---- C:\WINDOWS\system32\VCardParser.dll
2016-03-08 23:01:41 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-03-08 23:01:41 ----A---- C:\WINDOWS\system32\AuthBroker.dll
2016-03-08 23:01:40 ----A---- C:\WINDOWS\SYSWOW64\EmailApis.dll
2016-03-08 23:01:40 ----A---- C:\WINDOWS\system32\sqmapi.dll
2016-03-08 23:01:40 ----A---- C:\WINDOWS\system32\sharemediacpl.dll
2016-03-08 23:01:40 ----A---- C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-08 23:01:39 ----A---- C:\WINDOWS\SYSWOW64\cemapi.dll
2016-03-08 23:01:39 ----A---- C:\WINDOWS\system32\domgmt.dll
2016-03-08 23:01:38 ----A---- C:\WINDOWS\SYSWOW64\fwbase.dll
2016-03-08 23:01:38 ----A---- C:\WINDOWS\system32\cemapi.dll
2016-03-08 23:01:37 ----A---- C:\WINDOWS\SYSWOW64\PhoneCallHistoryApis.dll
2016-03-08 23:01:37 ----A---- C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-08 23:01:36 ----A---- C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-08 23:01:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Scanners.dll
2016-03-08 23:01:35 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2016-03-08 23:01:35 ----A---- C:\WINDOWS\system32\storewuauth.dll
2016-03-08 23:01:35 ----A---- C:\WINDOWS\system32\AuthHost.exe
2016-03-08 23:01:35 ----A---- C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-08 23:01:34 ----A---- C:\WINDOWS\SYSWOW64\wermgr.exe
2016-03-08 23:01:34 ----A---- C:\WINDOWS\SYSWOW64\VCardParser.dll
2016-03-08 23:01:34 ----A---- C:\WINDOWS\SYSWOW64\asycfilt.dll
2016-03-08 23:01:34 ----A---- C:\WINDOWS\system32\wsqmcons.exe
2016-03-08 23:01:34 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2016-03-08 23:01:33 ----A---- C:\WINDOWS\SYSWOW64\POSyncServices.dll
2016-03-08 23:01:33 ----A---- C:\WINDOWS\SYSWOW64\ExSMime.dll
2016-03-08 23:01:33 ----A---- C:\WINDOWS\SYSWOW64\AppxSip.dll
2016-03-08 23:01:33 ----A---- C:\WINDOWS\system32\wermgr.exe
2016-03-08 23:01:33 ----A---- C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-08 23:01:33 ----A---- C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-08 23:01:33 ----A---- C:\WINDOWS\system32\asycfilt.dll
2016-03-08 23:01:33 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-03-08 23:01:32 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2016-03-08 23:01:31 ----A---- C:\WINDOWS\SYSWOW64\UserDataAccountApis.dll
2016-03-08 23:01:31 ----A---- C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-08 23:01:31 ----A---- C:\WINDOWS\system32\ExSMime.dll
2016-03-08 23:01:31 ----A---- C:\WINDOWS\system32\devinv.dll
2016-03-08 23:01:31 ----A---- C:\WINDOWS\system32\AppxSip.dll
2016-03-08 23:01:30 ----A---- C:\WINDOWS\SYSWOW64\ExtrasXmlParser.dll
2016-03-08 23:01:30 ----A---- C:\WINDOWS\system32\wpninprc.dll
2016-03-08 23:01:30 ----A---- C:\WINDOWS\system32\seclogon.dll
2016-03-08 23:01:30 ----A---- C:\WINDOWS\system32\POSyncServices.dll
2016-03-08 23:01:30 ----A---- C:\WINDOWS\system32\fwbase.dll
2016-03-08 23:01:30 ----A---- C:\WINDOWS\system32\FirewallAPI.dll
2016-03-08 23:01:30 ----A---- C:\WINDOWS\system32\dssvc.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\SYSWOW64\profext.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\SYSWOW64\PimIndexMaintenanceClient.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\SYSWOW64\CallHistoryClient.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\system32\wfapigp.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-08 23:01:29 ----A---- C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-08 23:01:28 ----A---- C:\WINDOWS\SYSWOW64\UserDataPlatformHelperUtil.dll
2016-03-08 23:01:28 ----A---- C:\WINDOWS\system32\drivers\BTHUSB.SYS
2016-03-08 23:01:27 ----A---- C:\WINDOWS\SYSWOW64\UserDataLanguageUtil.dll
2016-03-08 23:01:27 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2016-03-08 23:01:26 ----A---- C:\WINDOWS\SYSWOW64\UserDataTypeHelperUtil.dll
2016-03-08 23:01:25 ----A---- C:\WINDOWS\SYSWOW64\wfapigp.dll
2016-03-08 23:01:25 ----A---- C:\WINDOWS\system32\werui.dll
2016-03-08 23:01:25 ----A---- C:\WINDOWS\system32\UserDataService.dll
2016-03-08 23:01:25 ----A---- C:\WINDOWS\system32\profext.dll
2016-03-08 23:01:25 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2016-03-08 23:01:25 ----A---- C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-08 23:01:25 ----A---- C:\WINDOWS\system32\configurationclient.dll
2016-03-08 23:01:24 ----A---- C:\WINDOWS\SYSWOW64\werui.dll
2016-03-08 23:01:24 ----A---- C:\WINDOWS\SYSWOW64\fwpolicyiomgr.dll
2016-03-08 23:01:24 ----A---- C:\WINDOWS\system32\vaultsvc.dll
2016-03-08 23:01:24 ----A---- C:\WINDOWS\system32\vaultcli.dll
2016-03-08 23:01:23 ----A---- C:\WINDOWS\SYSWOW64\fontsub.dll
2016-03-08 23:01:23 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2016-03-08 23:01:23 ----A---- C:\WINDOWS\system32\scapi.dll
2016-03-08 23:01:23 ----A---- C:\WINDOWS\system32\fontsub.dll
2016-03-08 23:01:23 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2016-03-08 23:01:23 ----A---- C:\WINDOWS\system32\atmlib.dll
2016-03-01 20:38:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 20:38:03 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 20:37:58 ----A---- C:\WINDOWS\system32\shell32.dll
2016-03-01 20:37:51 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-03-01 20:37:51 ----A---- C:\WINDOWS\system32\audiosrv.dll
2016-03-01 20:37:51 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 20:37:49 ----A---- C:\WINDOWS\system32\twinui.dll
2016-03-01 20:37:44 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 20:37:43 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-03-01 20:37:43 ----A---- C:\WINDOWS\system32\dwmcore.dll
2016-03-01 20:37:42 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-03-01 20:37:42 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-03-01 20:37:42 ----A---- C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 20:37:41 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 20:37:39 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-01 20:37:38 ----A---- C:\WINDOWS\system32\AudioSes.dll
2016-03-01 20:37:38 ----A---- C:\WINDOWS\system32\audiodg.exe
2016-03-01 20:37:37 ----A---- C:\WINDOWS\system32\wininet.dll
2016-03-01 20:37:36 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2016-03-01 20:37:36 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2016-03-01 20:37:36 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 20:37:36 ----A---- C:\WINDOWS\system32\mfcore.dll
2016-03-01 20:37:36 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-03-01 20:37:35 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-03-01 20:37:35 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-01 20:37:35 ----A---- C:\WINDOWS\system32\d3d11.dll
2016-03-01 20:37:34 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2016-03-01 20:37:34 ----A---- C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 20:37:33 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2016-03-01 20:37:33 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-01 20:37:33 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 20:37:33 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-03-01 20:37:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.dll
2016-03-01 20:37:32 ----A---- C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 20:37:32 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-01 20:37:32 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-03-01 20:37:32 ----A---- C:\WINDOWS\system32\schedsvc.dll
2016-03-01 20:37:32 ----A---- C:\WINDOWS\system32\InputService.dll
2016-03-01 20:37:31 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-03-01 20:37:31 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-03-01 20:37:31 ----A---- C:\WINDOWS\system32\XblAuthManager.dll
2016-03-01 20:37:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2016-03-01 20:37:30 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-03-01 20:37:30 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2016-03-01 20:37:29 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-03-01 20:37:29 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2016-03-01 20:37:29 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2016-03-01 20:37:29 ----A---- C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 20:37:29 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2016-03-01 20:37:28 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-01 20:37:28 ----A---- C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-01 20:37:27 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-03-01 20:37:27 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-03-01 20:37:27 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2016-03-01 20:37:27 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-03-01 20:37:27 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2016-03-01 20:37:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2016-03-01 20:37:26 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2016-03-01 20:37:26 ----A---- C:\WINDOWS\SYSWOW64\CertEnroll.dll
2016-03-01 20:37:26 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 20:37:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.AccountsControl.dll
2016-03-01 20:37:25 ----A---- C:\WINDOWS\system32\wwansvc.dll
2016-03-01 20:37:25 ----A---- C:\WINDOWS\system32\ngcsvc.dll
2016-03-01 20:37:25 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 20:37:24 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2016-03-01 20:37:24 ----A---- C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 20:37:24 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-01 20:37:24 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 20:37:24 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2016-03-01 20:37:23 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2016-03-01 20:37:23 ----A---- C:\WINDOWS\system32\NetSetupShim.dll
2016-03-01 20:37:23 ----A---- C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 20:37:22 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.dll
2016-03-01 20:37:22 ----A---- C:\WINDOWS\SYSWOW64\NetSetupEngine.dll
2016-03-01 20:37:22 ----A---- C:\WINDOWS\system32\Windows.UI.dll
2016-03-01 20:37:22 ----A---- C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 20:37:22 ----A---- C:\WINDOWS\system32\generaltel.dll
2016-03-01 20:37:21 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2016-03-01 20:37:21 ----A---- C:\WINDOWS\system32\wlansvc.dll
2016-03-01 20:37:21 ----A---- C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 20:37:21 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2016-03-01 20:37:21 ----A---- C:\WINDOWS\system32\usbmon.dll
2016-03-01 20:37:21 ----A---- C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 20:37:21 ----A---- C:\WINDOWS\system32\SharedStartModel.dll
2016-03-01 20:37:21 ----A---- C:\WINDOWS\system32\SettingSync.dll
2016-03-01 20:37:21 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-01 20:37:20 ----A---- C:\WINDOWS\system32\winload.exe
2016-03-01 20:37:20 ----A---- C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-01 20:37:19 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Audio.dll
2016-03-01 20:37:19 ----A---- C:\WINDOWS\SYSWOW64\taskschd.dll
2016-03-01 20:37:19 ----A---- C:\WINDOWS\SYSWOW64\MFCaptureEngine.dll
2016-03-01 20:37:19 ----A---- C:\WINDOWS\system32\winresume.exe
2016-03-01 20:37:19 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2016-03-01 20:37:18 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MediaControl.dll
2016-03-01 20:37:18 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2016-03-01 20:37:18 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2016-03-01 20:37:18 ----A---- C:\WINDOWS\system32\localspl.dll
2016-03-01 20:37:17 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2016-03-01 20:37:17 ----A---- C:\WINDOWS\SYSWOW64\NetSetupShim.dll
2016-03-01 20:37:17 ----A---- C:\WINDOWS\system32\uDWM.dll
2016-03-01 20:37:17 ----A---- C:\WINDOWS\system32\thumbcache.dll
2016-03-01 20:37:17 ----A---- C:\WINDOWS\system32\taskschd.dll
2016-03-01 20:37:17 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-01 20:37:17 ----A---- C:\WINDOWS\system32\msvproc.dll
2016-03-01 20:37:17 ----A---- C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 20:37:17 ----A---- C:\WINDOWS\system32\drivers\bridge.sys
2016-03-01 20:37:17 ----A---- C:\WINDOWS\system32\bisrv.dll
2016-03-01 20:37:16 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2016-03-01 20:37:16 ----A---- C:\WINDOWS\system32\StorSvc.dll
2016-03-01 20:37:16 ----A---- C:\WINDOWS\system32\netlogon.dll
2016-03-01 20:37:16 ----A---- C:\WINDOWS\system32\drivers\rfcomm.sys
2016-03-01 20:37:16 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2016-03-01 20:37:15 ----A---- C:\WINDOWS\SYSWOW64\mfmkvsrcsnk.dll
2016-03-01 20:37:15 ----A---- C:\WINDOWS\system32\wuuhext.dll
2016-03-01 20:37:15 ----A---- C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 20:37:15 ----A---- C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 20:37:15 ----A---- C:\WINDOWS\system32\spoolsv.exe
2016-03-01 20:37:15 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 20:37:15 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2016-03-01 20:37:15 ----A---- C:\WINDOWS\system32\drivers\xinputhid.sys
2016-03-01 20:37:15 ----A---- C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 20:37:15 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2016-03-01 20:37:14 ----A---- C:\WINDOWS\SYSWOW64\TextInputFramework.dll
2016-03-01 20:37:14 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2016-03-01 20:37:14 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2016-03-01 20:37:14 ----A---- C:\WINDOWS\system32\MDEServer.exe
2016-03-01 20:37:14 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 20:37:14 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2016-03-01 20:37:13 ----A---- C:\WINDOWS\SYSWOW64\WiFiDisplay.dll
2016-03-01 20:37:13 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2016-03-01 20:37:13 ----A---- C:\WINDOWS\system32\SyncController.dll
2016-03-01 20:37:13 ----A---- C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 20:37:13 ----A---- C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 20:37:13 ----A---- C:\WINDOWS\system32\drivers\xboxgip.sys
2016-03-01 20:37:13 ----A---- C:\WINDOWS\system32\drivers\acpi.sys
2016-03-01 20:37:12 ----A---- C:\WINDOWS\SYSWOW64\SyncController.dll
2016-03-01 20:37:12 ----A---- C:\WINDOWS\SYSWOW64\MSFlacDecoder.dll
2016-03-01 20:37:12 ----A---- C:\WINDOWS\system32\wlanapi.dll
2016-03-01 20:37:12 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-01 20:37:12 ----A---- C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-01 20:37:12 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2016-03-01 20:37:11 ----A---- C:\WINDOWS\system32\psmsrv.dll
2016-03-01 20:37:11 ----A---- C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 20:37:10 ----A---- C:\WINDOWS\SYSWOW64\DisplayManager.dll
2016-03-01 20:37:10 ----A---- C:\WINDOWS\system32\wlansec.dll
2016-03-01 20:37:10 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 20:37:10 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2016-03-01 20:37:10 ----A---- C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 20:37:10 ----A---- C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 20:37:10 ----A---- C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 20:37:10 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2016-03-01 20:37:10 ----A---- C:\WINDOWS\system32\accountaccessor.dll
2016-03-01 20:37:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 20:37:09 ----A---- C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 20:37:09 ----A---- C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 20:37:09 ----A---- C:\WINDOWS\system32\wininetlui.dll
2016-03-01 20:37:09 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-01 20:37:09 ----A---- C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 20:37:09 ----A---- C:\WINDOWS\system32\jsproxy.dll
2016-03-01 20:37:09 ----A---- C:\WINDOWS\system32\irmon.dll
2016-03-01 20:37:09 ----A---- C:\WINDOWS\system32\drivers\mrxsmb10.sys
2016-03-01 20:37:08 ----A---- C:\WINDOWS\SYSWOW64\wininetlui.dll
2016-03-01 20:37:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2016-03-01 20:37:08 ----A---- C:\WINDOWS\SYSWOW64\TimeBrokerClient.dll
2016-03-01 20:37:08 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2016-03-01 20:37:08 ----A---- C:\WINDOWS\SYSWOW64\jsproxy.dll
2016-03-01 20:37:08 ----A---- C:\WINDOWS\SYSWOW64\InputLocaleManager.dll
2016-03-01 20:37:08 ----A---- C:\WINDOWS\system32\wfdprov.dll
2016-03-01 20:37:08 ----A---- C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 20:37:08 ----A---- C:\WINDOWS\system32\srpapi.dll
2016-03-01 20:37:08 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 20:37:08 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-01 20:37:08 ----A---- C:\WINDOWS\system32\drivers\rasl2tp.sys
2016-03-01 20:37:08 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2016-03-01 20:37:08 ----A---- C:\WINDOWS\system32\AppCapture.dll
2016-02-25 11:20:47 ----D---- C:\Program Files\Common Files\Symantec Shared
2016-02-25 11:20:47 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT64x86.SYS
2016-02-25 11:19:01 ----D---- C:\WINDOWS\system32\drivers\NSx64
2016-02-25 11:18:59 ----AD---- C:\Program Files (x86)\Norton Security
2016-02-25 11:18:58 ----D---- C:\ProgramData\Norton
2016-02-25 11:18:45 ----D---- C:\ProgramData\NortonInstaller
2016-02-25 11:18:45 ----D---- C:\Program Files (x86)\NortonInstaller
2016-02-21 13:50:56 ----D---- C:\Program Files\7-Zip
======List of files/folders modified in the last 1 month======
2016-03-17 13:28:54 ----D---- C:\WINDOWS\system32\sru
2016-03-17 13:28:36 ----D---- C:\WINDOWS\Temp
2016-03-17 11:52:51 ----D---- C:\WINDOWS\Prefetch
2016-03-17 11:15:01 ----D---- C:\WINDOWS\System32
2016-03-17 11:15:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-17 09:26:00 ----RD---- C:\Program Files
2016-03-17 09:14:23 ----D---- C:\WINDOWS\AppReadiness
2016-03-17 09:14:20 ----HD---- C:\Program Files\WindowsApps
2016-03-17 09:07:43 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-16 21:19:27 ----HD---- C:\ProgramData
2016-03-16 19:44:21 ----SHD---- C:\System Volume Information
2016-03-16 19:41:54 ----D---- C:\WINDOWS\system32\config
2016-03-16 19:38:34 ----SHD---- C:\WINDOWS\Installer
2016-03-16 19:38:30 ----D---- C:\ProgramData\Microsoft Help
2016-03-16 19:36:32 ----D---- C:\WINDOWS\Microsoft.NET
2016-03-16 10:23:32 ----D---- C:\WINDOWS\system32\drivers
2016-03-16 10:08:56 ----D---- C:\WINDOWS\INF
2016-03-14 15:44:43 ----D---- C:\WINDOWS\system32\DriverStore
2016-03-14 15:44:30 ----D---- C:\Windows
2016-03-14 15:43:41 ----D---- C:\WINDOWS\system32\drivers\UMDF
2016-03-13 13:25:21 ----D---- C:\WINDOWS\WinSxS
2016-03-13 02:21:52 ----D---- C:\WINDOWS\CbsTemp
2016-03-13 02:21:49 ----D---- C:\WINDOWS\SysWOW64
2016-03-12 15:41:36 ----D---- C:\WINDOWS\Tasks
2016-03-12 15:41:36 ----D---- C:\WINDOWS\system32\Tasks
2016-03-10 20:55:59 ----RD---- C:\WINDOWS\assembly
2016-03-10 10:24:34 ----D---- C:\WINDOWS\system32\catroot2
2016-03-10 10:19:19 ----D---- C:\ProgramData\SoftwareDistribution
2016-03-10 09:10:27 ----D---- C:\WINDOWS\system32\migration
2016-03-10 09:10:20 ----D---- C:\WINDOWS\AppPatch
2016-03-10 09:10:20 ----D---- C:\Program Files\Windows Portable Devices
2016-03-10 09:10:20 ----D---- C:\Program Files\Windows Multimedia Platform
2016-03-10 09:10:20 ----D---- C:\Program Files\Windows Media Player
2016-03-10 09:10:20 ----D---- C:\Program Files\Internet Explorer
2016-03-10 09:10:20 ----D---- C:\Program Files (x86)\Windows Portable Devices
2016-03-10 09:10:20 ----D---- C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 09:10:20 ----D---- C:\Program Files (x86)\Internet Explorer
2016-03-09 15:20:05 ----D---- C:\WINDOWS\system32\MRT
2016-03-09 15:10:03 ----A---- C:\WINDOWS\system32\MRT.exe
2016-03-08 08:12:26 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-03-05 15:43:40 ----D---- C:\SWSetup
2016-03-04 01:23:57 ----D---- C:\WINDOWS\rescache
2016-03-02 10:00:36 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-03-02 10:00:36 ----D---- C:\WINDOWS\SYSWOW64\Dism
2016-03-02 10:00:29 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2016-03-02 10:00:29 ----D---- C:\WINDOWS\system32\wbem
2016-03-02 10:00:29 ----D---- C:\WINDOWS\system32\SystemResetPlatform
2016-03-02 10:00:28 ----D---- C:\WINDOWS\system32\Dism
2016-03-02 10:00:28 ----D---- C:\WINDOWS\system32\Boot
2016-03-02 10:00:28 ----D---- C:\WINDOWS\system32\appraiser
2016-03-02 10:00:20 ----RSD---- C:\WINDOWS\Media
2016-03-02 10:00:20 ----RSD---- C:\WINDOWS\Fonts
2016-03-02 10:00:20 ----RD---- C:\WINDOWS\PurchaseDialog
2016-03-02 10:00:20 ----D---- C:\WINDOWS\bcastdvr
2016-03-02 10:00:19 ----D---- C:\Program Files\Windows Journal
2016-03-01 11:58:38 ----HD---- C:\WINDOWS\ELAMBKUP
2016-02-29 08:50:48 ----D---- C:\WINDOWS\LiveKernelReports
2016-02-25 11:43:00 ----D---- C:\Program Files (x86)\Common Files
2016-02-25 11:35:59 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2016-02-25 11:20:47 ----D---- C:\Program Files\Common Files
2016-02-25 11:18:59 ----RD---- C:\Program Files (x86)
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-12-16 65224]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-12-16 273784]
R0 hpdskflt;@oem33.inf,%service_desc%;HP Filter; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2015-01-27 31880]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2014-10-09 1398936]
R0 IntelHSWPcc;IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [2014-12-22 79528]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2015-12-16 93528]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-03-02 1065720]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-01-22 464256]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160309.001\BHDrvx64.sys [2016-03-09 1766640]
R1 ccSet_NS;NS Settings Manager; C:\WINDOWS\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [2015-07-11 173808]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2013-11-12 91912]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2016-02-25 498512]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160316.001\IDSvia64.sys [2016-02-24 767224]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\WINDOWS\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [2015-07-11 50936]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-12-16 28656]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-12-26 97648]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2015-12-16 155304]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-10-30 47616]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-10-30 78848]
R3 Accelerometer;@oem33.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2015-01-27 44680]
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2015-10-30 165376]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-02-24 112640]
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth handsfree; C:\WINDOWS\system32\DRIVERS\BthHfAud.sys [2015-10-30 36864]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-01-05 245760]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-10-30 128512]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-02-24 84992]
R3 clwvd;@oem20.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\WINDOWS\system32\DRIVERS\clwvd.sys [2014-01-28 41704]
R3 dptf_cpu;dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-03-04 38720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-02-25 157520]
R3 esif_lf;esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [2015-03-04 216360]
R3 ibtusb;@oem17.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2015-07-14 263952]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2016-01-02 7858088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-03-04 4421976]
R3 iwdbus;@oem40.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-02-10 30512]
R3 MEIx64;@oem46.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2014-11-10 129312]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160316.020\ENG64.SYS [2016-02-25 138488]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160316.020\EX64.SYS [2016-02-25 2148080]
R3 NETwNb64;___ Ovladač adaptéru Intel(R) Wireless pro systém Windows 8.1 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2016-01-02 3506464]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-02-23 176640]
R3 RTL8168;@oem38.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\System32\drivers\Rt630x64.sys [2015-01-30 876760]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-10-18 42696]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\WINDOWS\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [2015-11-12 928496]
S0 aswNdisFlt;@oem39.inf,%AfwDescriptionFree%;Avast! Firewall Driver; C:\WINDOWS\system32\DRIVERS\aswNdisFlt.sys [2015-11-25 466400]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-02-24 954368]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-01-04 117248]
S3 dg_ssudbus;@oem37.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2015-12-08 122160]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 HipShieldK;McAfee Inc. HipShieldK; C:\WINDOWS\system32\drivers\HipShieldK.sys [2015-05-19 207208]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-02-10 42288]
S3 IntcDAud;@oem23.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-04-28 455440]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 mfencbdc;McAfee Inc. mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [2015-10-06 537192]
S3 mfencrk;McAfee Inc. mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [2015-10-06 109480]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-10-30 930656]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2015-02-13 33448]
S3 ssudmdm;@oem45.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2015-12-08 214832]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-12-16 226440]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R2 esifsvc;ESIF Upper Framework Service; C:\Windows\SysWOW64\esif_uf.exe [2015-03-04 1037568]
R2 hpsrv;@oem33.inf,%hpservice_desc%;HP Service; C:\WINDOWS\system32\Hpservice.exe [2015-01-27 44680]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-09-28 25800]
R2 HPWMISVC;HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2014-12-01 573704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-10-09 18584]
R2 ibtsiva.exe;Intel Bluetooth Service; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [2014-08-22 121288]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-01-02 373160]
R2 IntelUSBoverIP;IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [2015-01-14 395744]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-11-10 158496]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-11-10 409376]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [2015-11-20 282016]
R2 omniserv; HP SimplePass Service; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [2015-01-30 103424]
R2 OneSyncSvc_8420f75;Hostitel synchronizace_8420f75; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-14 389896]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-03-04 293080]
R3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2015-04-28 1102472]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 PimIndexMaintenanceSvc_8420f75;Data kontaktů_8420f75; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_162a054f;Hostitel synchronizace_162a054f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_39d344a;Hostitel synchronizace_39d344a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_49bb9;Hostitel synchronizace_49bb9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_594df;Hostitel synchronizace_594df; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_5cd0d;Hostitel synchronizace_5cd0d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_71090;Hostitel synchronizace_71090; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_8342a3;Hostitel synchronizace_8342a3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_a4e568;Hostitel synchronizace_a4e568; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_aff847;Hostitel synchronizace_aff847; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-10-30 51376]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2016-01-02 300968]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-05-13 887256]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_162a054f;Služba zasílání zpráv_162a054f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_39d344a;Služba zasílání zpráv_39d344a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_49bb9;Služba zasílání zpráv_49bb9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_594df;Služba zasílání zpráv_594df; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_71090;Služba zasílání zpráv_71090; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_8342a3;Služba zasílání zpráv_8342a3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_8420f75;Služba zasílání zpráv_8420f75; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_a4e568;Služba zasílání zpráv_a4e568; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_aff847;Služba zasílání zpráv_aff847; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-09-30 147624]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_162a054f;Data kontaktů_162a054f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_39d344a;Data kontaktů_39d344a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_49bb9;Data kontaktů_49bb9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_594df;Data kontaktů_594df; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_71090;Data kontaktů_71090; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_8342a3;Data kontaktů_8342a3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_a4e568;Data kontaktů_a4e568; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_aff847;Data kontaktů_aff847; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
-----------------EOF-----------------

Unwanted ads in the browser
Re: Unwanted ads in the browser
Hi, delete unneeded files
using CCleaner
instructions:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
In the browser, also delete the history manually.
Download and run AdwCleaner,
close all programs including the browser and launch it with a double-click,
a window will appear; click Scan in the top left.
When the scan finishes, click Clean,
the PC will restart, during which the junk is deleted.
After that, copy the Report here for me.
Finally, use MBAM from my signature and post its log here after the junk has been removed.
Re: Unwanted ads in the browser
Hello,
first, I apologize for replying only now. Unfortunately I don't see the PC's owner often.
I ran into a problem right at the first step: CCleaner requires Chrome to be closed, but unfortunately that can't be done. Not in Task Manager ("the process cannot be terminated"), nor after uninstalling Chrome and then cleaning the registry. One process still remains in Task Manager. As a result, the Cleaner in CCleaner does not finish, because it gets stuck on closing Chrome, and the Registry part of CCleaner skips cleaning Chrome.
However, after reinstalling Chrome the pop-ups in Chrome no longer appear, so it is probably solved. Thank you very much.
I'm attaching the log from RSIT.
Logfile of random's system information tool 1.10 (written by random/random)
Run by NurAsharaf at 2016-04-14 11:20:22
Microsoft Windows 10 Home
System drive C: has 348 GB (77%) free of 454 GB
Total RAM: 4018 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:20:28, on 14.04.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
Boot mode: Normal
Running processes:
C:\WINDOWS\TEMP\DPTF\esif_assist.exe
C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
c:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe
C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\trend micro\NurAsharaf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem33.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (ibtsiva.exe) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13258 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-41f15fd6-8700-4c50-9ca5-caf37e4cb546 -SystemEventPortName:HostProcess-511553f4-92e7-4acd-91e2-cbcfbde7f496 -IoCancelEventPortName:HostProcess-e8efaae9-87a5-48e4-bcf7-5a6b9fcef037 -NonStateChangingEventPortName:HostProcess-add983ab-1c63-486e-9140-437efb1c19a7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f43700a1-7f7c-4bd8-bf6a-ac01ad22988c -DeviceGroupId:
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
dashost.exe {767a5672-8f35-4e02-8c8042fd1ee25783}
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\diMaster.dll" /prefetch:1
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\esif_uf.exe
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe"
"C:\WINDOWS\TEMP\DPTF\esif_assist.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe" /c /a /s UserSession2
sihost.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe" /hideui
"C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
igfxEM.exe
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exe"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" /byrunkey
"c:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe"
"C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1000.0.423330134\1969966764" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,16,25,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x1606 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4331 --ignored=" --type=renderer " /prefetch:2
"fontdrvhost.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
taskhostw.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe" -ServerName:App.AppXqagq4n4gvy0tjw576pgh6xr601s1h1mv.mca
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:796
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\WINDOWS\system32\browser_broker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe" SCODEF:5084 CREDAT:140545 EDGEHOST /prefetch:6
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe198_ Global\UsGthrCtrlFltPipeMssGthrPipe198 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 600 604 612 8192 608
"C:\Users\NurAsharaf\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\HPCeeScheduleForNurAsharaf.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForNurAsharaf (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\NurAsharaf\AppData\Roaming\Mozilla\Firefox\Profiles\gmj27lni.default
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon\
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21 1051320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-25 885152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21 805560]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-25 664184]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17 629256]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19 414920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-03-04 8459480]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-03-19 176952]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-11 551104]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2015-01-30 127624]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2014-12-01 509192]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-12-16 7021880]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-04-14 10:29:52 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2016-04-14 10:26:43 ----D---- C:\ProgramData\Malwarebytes
2016-04-14 10:26:43 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-14 10:26:43 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2016-04-14 10:26:43 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2016-04-14 10:26:43 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2016-04-14 10:22:39 ----D---- C:\Program Files (x86)\Google
2016-04-14 09:17:15 ----D---- C:\Program Files\CCleaner
2016-04-08 16:09:53 ----D---- C:\Users\NurAsharaf\AppData\Roaming\Apple Computer
2016-04-08 16:08:55 ----D---- C:\Program Files\iPod
2016-04-08 16:08:55 ----D---- C:\Program Files (x86)\iTunes
2016-04-08 16:08:53 ----D---- C:\ProgramData\Apple Computer
2016-04-08 16:08:53 ----AD---- C:\Program Files\iTunes
2016-04-08 16:07:16 ----AD---- C:\Program Files (x86)\Apple Software Update
2016-04-08 16:06:51 ----AD---- C:\Program Files\Bonjour
2016-04-08 16:06:51 ----AD---- C:\Program Files (x86)\Bonjour
2016-04-08 16:06:03 ----D---- C:\Program Files\Common Files\Apple
2016-03-30 12:15:43 ----D---- C:\Program Files\Common Files\AV
2016-03-17 10:26:00 ----D---- C:\rsit
2016-03-17 10:26:00 ----D---- C:\Program Files\trend micro
======List of files/folders modified in the last 1 month======
2016-04-14 11:20:09 ----D---- C:\WINDOWS\Prefetch
2016-04-14 11:10:02 ----D---- C:\WINDOWS\system32\sru
2016-04-14 10:53:32 ----D---- C:\WINDOWS\INF
2016-04-14 10:52:52 ----D---- C:\WINDOWS\Temp
2016-04-14 10:47:07 ----D---- C:\WINDOWS\SoftwareDistribution
2016-04-14 10:47:06 ----D---- C:\Windows
2016-04-14 10:29:52 ----D---- C:\WINDOWS\system32\drivers
2016-04-14 10:27:02 ----SHD---- C:\WINDOWS\Installer
2016-04-14 10:26:43 ----RD---- C:\Program Files (x86)
2016-04-14 10:26:43 ----HD---- C:\ProgramData
2016-04-14 10:22:42 ----D---- C:\WINDOWS\Tasks
2016-04-14 10:22:42 ----D---- C:\WINDOWS\system32\Tasks
2016-04-14 09:31:40 ----DC---- C:\WINDOWS\Panther
2016-04-14 09:31:39 ----D---- C:\WINDOWS\Minidump
2016-04-14 09:31:39 ----D---- C:\WINDOWS\debug
2016-04-14 09:17:15 ----RD---- C:\Program Files
2016-04-13 21:19:59 ----D---- C:\WINDOWS\system32\config
2016-04-13 20:49:13 ----D---- C:\WINDOWS\AppReadiness
2016-04-13 20:49:11 ----HD---- C:\Program Files\WindowsApps
2016-04-13 20:46:21 ----RD---- C:\WINDOWS\assembly
2016-04-13 10:51:52 ----D---- C:\WINDOWS\CbsTemp
2016-04-13 10:51:39 ----D---- C:\WINDOWS\system32\catroot2
2016-04-13 10:50:02 ----D---- C:\WINDOWS\WinSxS
2016-04-12 19:09:19 ----D---- C:\WINDOWS\Microsoft.NET
2016-04-12 09:26:15 ----D---- C:\WINDOWS\System32
2016-04-12 09:26:15 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-10 12:35:32 ----D---- C:\WINDOWS\system32\DriverStore
2016-04-08 16:08:02 ----SHD---- C:\System Volume Information
2016-04-08 16:07:14 ----D---- C:\ProgramData\Apple
2016-04-08 16:07:10 ----D---- C:\WINDOWS\system32\CatRoot
2016-04-08 16:06:51 ----D---- C:\WINDOWS\SysWOW64
2016-04-08 16:06:03 ----D---- C:\Program Files\Common Files
2016-04-08 16:05:34 ----D---- C:\Program Files (x86)\Common Files
2016-04-07 20:26:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-02 01:35:51 ----HD---- C:\WINDOWS\ELAMBKUP
2016-03-30 12:12:41 ----D---- C:\WINDOWS\system32\drivers\NSx64
2016-03-29 11:09:23 ----SD---- C:\Users\NurAsharaf\AppData\Roaming\Microsoft
2016-03-16 20:38:30 ----D---- C:\ProgramData\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-12-16 65224]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-12-16 273784]
R0 hpdskflt;@oem33.inf,%service_desc%;HP Filter; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2015-01-27 31880]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2014-10-09 1398936]
R0 IntelHSWPcc;IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [2014-12-22 79528]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2015-12-16 93528]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-03-02 1065720]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-01-22 464256]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160316.006\BHDrvx64.sys [2016-03-09 1766640]
R1 ccSet_NS;NS Settings Manager; C:\WINDOWS\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [2015-07-11 173808]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2013-11-12 91912]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2016-02-25 498512]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160324.001\IDSvia64.sys [2016-02-24 767224]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\WINDOWS\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [2015-07-11 50936]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-12-16 28656]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-12-26 97648]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2015-12-16 155304]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-10-30 47616]
R3 Accelerometer;@oem33.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2015-01-27 44680]
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2015-10-30 165376]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-02-24 112640]
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth handsfree; C:\WINDOWS\system32\DRIVERS\BthHfAud.sys [2015-10-30 36864]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-01-05 245760]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-10-30 128512]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-02-24 84992]
R3 clwvd;@oem20.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\WINDOWS\system32\DRIVERS\clwvd.sys [2014-01-28 41704]
R3 dptf_cpu;dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-03-04 38720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-02-25 157520]
R3 esif_lf;esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [2015-03-04 216360]
R3 ibtusb;@oem17.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2015-07-14 263952]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2016-01-02 7858088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-03-04 4421976]
R3 iwdbus;@oem40.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-02-10 30512]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2016-04-14 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2016-03-10 65408]
R3 MEIx64;@oem46.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2014-11-10 129312]
R3 NETwNb64;___ Ovladač adaptéru Intel(R) Wireless pro systém Windows 8.1 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2016-01-02 3506464]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-02-23 176640]
R3 RTL8168;@oem38.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\System32\drivers\Rt630x64.sys [2015-01-30 876760]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-12-09 71288]
S0 aswNdisFlt;@oem39.inf,%AfwDescriptionFree%;Avast! Firewall Driver; C:\WINDOWS\system32\DRIVERS\aswNdisFlt.sys [2015-11-25 466400]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-02-24 954368]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-01-04 117248]
S3 dg_ssudbus;@oem37.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2015-12-08 122160]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 HipShieldK;McAfee Inc. HipShieldK; C:\WINDOWS\system32\drivers\HipShieldK.sys [2015-05-19 207208]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-02-10 42288]
S3 IntcDAud;@oem23.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-04-28 455440]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 mfencbdc;McAfee Inc. mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [2015-10-06 537192]
S3 mfencrk;McAfee Inc. mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [2015-10-06 109480]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160326.001\ENG64.SYS [2016-02-25 138488]
S3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160326.001\EX64.SYS [2016-02-25 2148080]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-10-30 930656]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2015-02-13 33448]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\WINDOWS\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS [2016-02-24 928504]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-03-02 83768]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-12-16 226440]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R2 esifsvc;ESIF Upper Framework Service; C:\Windows\SysWOW64\esif_uf.exe [2015-03-04 1037568]
R2 hpsrv;@oem33.inf,%hpservice_desc%;HP Service; C:\WINDOWS\system32\Hpservice.exe [2015-01-27 44680]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-02-18 26680]
R2 HPWMISVC;HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2014-12-01 573704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-10-09 18584]
R2 ibtsiva.exe;Intel Bluetooth Service; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [2014-08-22 121288]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-01-02 373160]
R2 IntelUSBoverIP;IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [2015-01-14 395744]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-11-10 158496]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-11-10 409376]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [2016-02-26 289080]
R2 omniserv; HP SimplePass Service; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [2015-01-30 103424]
R2 OneSyncSvc_479aa;Hostitel synchronizace_479aa; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-14 389896]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-03-04 293080]
R3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2015-04-28 1102472]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-03-19 651576]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 PimIndexMaintenanceSvc_479aa;Data kontaktů_479aa; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_162a054f;Hostitel synchronizace_162a054f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_39d344a;Hostitel synchronizace_39d344a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_49bb9;Hostitel synchronizace_49bb9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_594df;Hostitel synchronizace_594df; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_5cd0d;Hostitel synchronizace_5cd0d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_655f50a;Hostitel synchronizace_655f50a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_71090;Hostitel synchronizace_71090; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_8342a3;Hostitel synchronizace_8342a3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_a4e568;Hostitel synchronizace_a4e568; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_aff847;Hostitel synchronizace_aff847; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-10-30 51376]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2016-01-02 300968]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14 154440]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-05-13 887256]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_162a054f;Služba zasílání zpráv_162a054f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_39d344a;Služba zasílání zpráv_39d344a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_479aa;Služba zasílání zpráv_479aa; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_49bb9;Služba zasílání zpráv_49bb9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_594df;Služba zasílání zpráv_594df; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_655f50a;Služba zasílání zpráv_655f50a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_71090;Služba zasílání zpráv_71090; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_8342a3;Služba zasílání zpráv_8342a3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_a4e568;Služba zasílání zpráv_a4e568; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_aff847;Služba zasílání zpráv_aff847; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-09-30 147624]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_162a054f;Data kontaktů_162a054f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_39d344a;Data kontaktů_39d344a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_49bb9;Data kontaktů_49bb9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_594df;Data kontaktů_594df; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_655f50a;Data kontaktů_655f50a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_71090;Data kontaktů_71090; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_8342a3;Data kontaktů_8342a3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_a4e568;Data kontaktů_a4e568; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_aff847;Data kontaktů_aff847; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
-----------------EOF-----------------
I apologize in advance for only replying now. Unfortunately, I don't see the PC's owner very often.
I ran into a problem right at the first step: CCleaner requires Chrome to be closed, but unfortunately that is not possible. Neither in the process manager ("the process cannot be terminated"), nor after uninstalling Chrome and then cleaning the registry. One process still remains in the process manager. As a result, the cleaner in CCleaner does not finish, because it gets stuck on closing Chrome, and the registry cleaner in CCleaner skips cleaning Chrome.
However, the pop-up windows in Chrome no longer appear after reinstalling Chrome, so it is probably resolved. Thank you very much.
I am attaching the log from RSIT.
Logfile of random's system information tool 1.10 (written by random/random)
Run by NurAsharaf at 2016-04-14 11:20:22
Microsoft Windows 10 Home
System drive C: has 348 GB (77%) free of 454 GB
Total RAM: 4018 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:20:28, on 14.04.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
Boot mode: Normal
Running processes:
C:\WINDOWS\TEMP\DPTF\esif_assist.exe
C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
c:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe
C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\trend micro\NurAsharaf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem33.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (ibtsiva.exe) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13258 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-41f15fd6-8700-4c50-9ca5-caf37e4cb546 -SystemEventPortName:HostProcess-511553f4-92e7-4acd-91e2-cbcfbde7f496 -IoCancelEventPortName:HostProcess-e8efaae9-87a5-48e4-bcf7-5a6b9fcef037 -NonStateChangingEventPortName:HostProcess-add983ab-1c63-486e-9140-437efb1c19a7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f43700a1-7f7c-4bd8-bf6a-ac01ad22988c -DeviceGroupId:
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
dashost.exe {767a5672-8f35-4e02-8c8042fd1ee25783}
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\diMaster.dll" /prefetch:1
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\esif_uf.exe
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe"
"C:\WINDOWS\TEMP\DPTF\esif_assist.exe"
"C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe" /c /a /s UserSession2
sihost.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe" /hideui
"C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
igfxEM.exe
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exe"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" /byrunkey
"c:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe"
"C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Users\NurAsharaf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1000.0.423330134\1969966764" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,16,25,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x1606 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4331 --ignored=" --type=renderer " /prefetch:2
"fontdrvhost.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
taskhostw.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe" -ServerName:App.AppXqagq4n4gvy0tjw576pgh6xr601s1h1mv.mca
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:796
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\WINDOWS\system32\browser_broker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe" SCODEF:5084 CREDAT:140545 EDGEHOST /prefetch:6
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe198_ Global\UsGthrCtrlFltPipeMssGthrPipe198 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 600 604 612 8192 608
"C:\Users\NurAsharaf\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\HPCeeScheduleForNurAsharaf.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForNurAsharaf (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\NurAsharaf\AppData\Roaming\Mozilla\Firefox\Profiles\gmj27lni.default
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon\
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21 1051320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-25 885152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21 805560]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-25 664184]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17 629256]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19 414920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-03-04 8459480]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-03-19 176952]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-11 551104]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\NurAsharaf\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2015-01-30 127624]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2014-12-01 509192]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-12-16 7021880]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-04-14 10:29:52 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2016-04-14 10:26:43 ----D---- C:\ProgramData\Malwarebytes
2016-04-14 10:26:43 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-14 10:26:43 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2016-04-14 10:26:43 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2016-04-14 10:26:43 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2016-04-14 10:22:39 ----D---- C:\Program Files (x86)\Google
2016-04-14 09:17:15 ----D---- C:\Program Files\CCleaner
2016-04-08 16:09:53 ----D---- C:\Users\NurAsharaf\AppData\Roaming\Apple Computer
2016-04-08 16:08:55 ----D---- C:\Program Files\iPod
2016-04-08 16:08:55 ----D---- C:\Program Files (x86)\iTunes
2016-04-08 16:08:53 ----D---- C:\ProgramData\Apple Computer
2016-04-08 16:08:53 ----AD---- C:\Program Files\iTunes
2016-04-08 16:07:16 ----AD---- C:\Program Files (x86)\Apple Software Update
2016-04-08 16:06:51 ----AD---- C:\Program Files\Bonjour
2016-04-08 16:06:51 ----AD---- C:\Program Files (x86)\Bonjour
2016-04-08 16:06:03 ----D---- C:\Program Files\Common Files\Apple
2016-03-30 12:15:43 ----D---- C:\Program Files\Common Files\AV
2016-03-17 10:26:00 ----D---- C:\rsit
2016-03-17 10:26:00 ----D---- C:\Program Files\trend micro
======List of files/folders modified in the last 1 month======
2016-04-14 11:20:09 ----D---- C:\WINDOWS\Prefetch
2016-04-14 11:10:02 ----D---- C:\WINDOWS\system32\sru
2016-04-14 10:53:32 ----D---- C:\WINDOWS\INF
2016-04-14 10:52:52 ----D---- C:\WINDOWS\Temp
2016-04-14 10:47:07 ----D---- C:\WINDOWS\SoftwareDistribution
2016-04-14 10:47:06 ----D---- C:\Windows
2016-04-14 10:29:52 ----D---- C:\WINDOWS\system32\drivers
2016-04-14 10:27:02 ----SHD---- C:\WINDOWS\Installer
2016-04-14 10:26:43 ----RD---- C:\Program Files (x86)
2016-04-14 10:26:43 ----HD---- C:\ProgramData
2016-04-14 10:22:42 ----D---- C:\WINDOWS\Tasks
2016-04-14 10:22:42 ----D---- C:\WINDOWS\system32\Tasks
2016-04-14 09:31:40 ----DC---- C:\WINDOWS\Panther
2016-04-14 09:31:39 ----D---- C:\WINDOWS\Minidump
2016-04-14 09:31:39 ----D---- C:\WINDOWS\debug
2016-04-14 09:17:15 ----RD---- C:\Program Files
2016-04-13 21:19:59 ----D---- C:\WINDOWS\system32\config
2016-04-13 20:49:13 ----D---- C:\WINDOWS\AppReadiness
2016-04-13 20:49:11 ----HD---- C:\Program Files\WindowsApps
2016-04-13 20:46:21 ----RD---- C:\WINDOWS\assembly
2016-04-13 10:51:52 ----D---- C:\WINDOWS\CbsTemp
2016-04-13 10:51:39 ----D---- C:\WINDOWS\system32\catroot2
2016-04-13 10:50:02 ----D---- C:\WINDOWS\WinSxS
2016-04-12 19:09:19 ----D---- C:\WINDOWS\Microsoft.NET
2016-04-12 09:26:15 ----D---- C:\WINDOWS\System32
2016-04-12 09:26:15 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-10 12:35:32 ----D---- C:\WINDOWS\system32\DriverStore
2016-04-08 16:08:02 ----SHD---- C:\System Volume Information
2016-04-08 16:07:14 ----D---- C:\ProgramData\Apple
2016-04-08 16:07:10 ----D---- C:\WINDOWS\system32\CatRoot
2016-04-08 16:06:51 ----D---- C:\WINDOWS\SysWOW64
2016-04-08 16:06:03 ----D---- C:\Program Files\Common Files
2016-04-08 16:05:34 ----D---- C:\Program Files (x86)\Common Files
2016-04-07 20:26:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-02 01:35:51 ----HD---- C:\WINDOWS\ELAMBKUP
2016-03-30 12:12:41 ----D---- C:\WINDOWS\system32\drivers\NSx64
2016-03-29 11:09:23 ----SD---- C:\Users\NurAsharaf\AppData\Roaming\Microsoft
2016-03-16 20:38:30 ----D---- C:\ProgramData\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-12-16 65224]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-12-16 273784]
R0 hpdskflt;@oem33.inf,%service_desc%;HP Filter; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2015-01-27 31880]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2014-10-09 1398936]
R0 IntelHSWPcc;IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [2014-12-22 79528]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2015-12-16 93528]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-03-02 1065720]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-01-22 464256]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160316.006\BHDrvx64.sys [2016-03-09 1766640]
R1 ccSet_NS;NS Settings Manager; C:\WINDOWS\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [2015-07-11 173808]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2013-11-12 91912]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2016-02-25 498512]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160324.001\IDSvia64.sys [2016-02-24 767224]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\WINDOWS\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [2015-07-11 50936]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-12-16 28656]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-12-26 97648]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2015-12-16 155304]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-10-30 47616]
R3 Accelerometer;@oem33.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2015-01-27 44680]
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2015-10-30 165376]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-02-24 112640]
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth handsfree; C:\WINDOWS\system32\DRIVERS\BthHfAud.sys [2015-10-30 36864]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-01-05 245760]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-10-30 128512]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-02-24 84992]
R3 clwvd;@oem20.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\WINDOWS\system32\DRIVERS\clwvd.sys [2014-01-28 41704]
R3 dptf_cpu;dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-03-04 38720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-02-25 157520]
R3 esif_lf;esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [2015-03-04 216360]
R3 ibtusb;@oem17.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2015-07-14 263952]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2016-01-02 7858088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-03-04 4421976]
R3 iwdbus;@oem40.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-02-10 30512]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2016-04-14 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2016-03-10 65408]
R3 MEIx64;@oem46.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2014-11-10 129312]
R3 NETwNb64;___ Ovladač adaptéru Intel(R) Wireless pro systém Windows 8.1 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2016-01-02 3506464]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-02-23 176640]
R3 RTL8168;@oem38.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\System32\drivers\Rt630x64.sys [2015-01-30 876760]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-12-09 71288]
S0 aswNdisFlt;@oem39.inf,%AfwDescriptionFree%;Avast! Firewall Driver; C:\WINDOWS\system32\DRIVERS\aswNdisFlt.sys [2015-11-25 466400]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-02-24 954368]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-01-04 117248]
S3 dg_ssudbus;@oem37.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2015-12-08 122160]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 HipShieldK;McAfee Inc. HipShieldK; C:\WINDOWS\system32\drivers\HipShieldK.sys [2015-05-19 207208]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-02-10 42288]
S3 IntcDAud;@oem23.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-04-28 455440]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 mfencbdc;McAfee Inc. mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [2015-10-06 537192]
S3 mfencrk;McAfee Inc. mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [2015-10-06 109480]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160326.001\ENG64.SYS [2016-02-25 138488]
S3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160326.001\EX64.SYS [2016-02-25 2148080]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-10-30 930656]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2015-02-13 33448]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\WINDOWS\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS [2016-02-24 928504]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-03-02 83768]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-12-16 226440]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R2 esifsvc;ESIF Upper Framework Service; C:\Windows\SysWOW64\esif_uf.exe [2015-03-04 1037568]
R2 hpsrv;@oem33.inf,%hpservice_desc%;HP Service; C:\WINDOWS\system32\Hpservice.exe [2015-01-27 44680]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-02-18 26680]
R2 HPWMISVC;HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2014-12-01 573704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-10-09 18584]
R2 ibtsiva.exe;Intel Bluetooth Service; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [2014-08-22 121288]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-01-02 373160]
R2 IntelUSBoverIP;IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [2015-01-14 395744]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-11-10 158496]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-11-10 409376]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 NS;Norton Security; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [2016-02-26 289080]
R2 omniserv; HP SimplePass Service; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [2015-01-30 103424]
R2 OneSyncSvc_479aa;Hostitel synchronizace_479aa; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-14 389896]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-03-04 293080]
R3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2015-04-28 1102472]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-03-19 651576]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 PimIndexMaintenanceSvc_479aa;Data kontaktů_479aa; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_162a054f;Hostitel synchronizace_162a054f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_39d344a;Hostitel synchronizace_39d344a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_49bb9;Hostitel synchronizace_49bb9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_594df;Hostitel synchronizace_594df; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_5cd0d;Hostitel synchronizace_5cd0d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_655f50a;Hostitel synchronizace_655f50a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_71090;Hostitel synchronizace_71090; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_8342a3;Hostitel synchronizace_8342a3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_a4e568;Hostitel synchronizace_a4e568; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_aff847;Hostitel synchronizace_aff847; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-10-30 51376]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2016-01-02 300968]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14 154440]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-05-13 887256]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_162a054f;Služba zasílání zpráv_162a054f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_39d344a;Služba zasílání zpráv_39d344a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_479aa;Služba zasílání zpráv_479aa; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_49bb9;Služba zasílání zpráv_49bb9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_594df;Služba zasílání zpráv_594df; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_655f50a;Služba zasílání zpráv_655f50a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_71090;Služba zasílání zpráv_71090; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_8342a3;Služba zasílání zpráv_8342a3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_a4e568;Služba zasílání zpráv_a4e568; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_aff847;Služba zasílání zpráv_aff847; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-09-30 147624]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_162a054f;Data kontaktů_162a054f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_39d344a;Data kontaktů_39d344a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_49bb9;Data kontaktů_49bb9; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_594df;Data kontaktů_594df; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_655f50a;Data kontaktů_655f50a; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_71090;Data kontaktů_71090; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_8342a3;Data kontaktů_8342a3; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_a4e568;Data kontaktů_a4e568; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_aff847;Data kontaktů_aff847; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
-----------------EOF-----------------
Re: Unwanted ads in the browser

Donecka wrote:
"Hello,
I apologize in advance for replying only now. Unfortunately, I don't see the owner of the PC often."

No problem, there's plenty of time.

Donecka wrote:
"I ran into a problem right at the first step: CCleaner requires Chrome to be closed, but unfortunately that isn't possible. Neither in the process manager ('the process cannot be terminated'), nor after uninstalling Chrome and then cleaning the registry. One process still remains in the process manager. As a result, the cleaner in CCleaner does not finish, because it gets stuck on closing Chrome, and the registry cleaner in CCleaner skips cleaning Chrome.
However, the pop-up windows in Chrome no longer appear after reinstalling Chrome, so it is probably solved. Thank you very much."

In the Task Scheduler Library, disable Google Update; it will be there more than once.
Press Windows + R to open the Run window >> type services.msc >> Enter. Find the services:
Služba Google Update (gupdate)
Služba Google Update (gupdatem)
Double-click to open the service's properties, where you first stop the service with the Stop button, then under Startup type select Disabled and click OK.
After that I would still like to take a look at the Mbam log I asked for.

