Infected PC

Do you have a problem with a virus? Post your FRST or RSIT log here.

#1 Post by PureHate44 »

Hello. I recently opened an infected exe file by accident and it pulled all kinds of junk onto my machine.
Instead of the Google search engine, some http://search5.fvpimageviewer.com/ keeps popping up.
Thanks for checking :)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2016-11-22 16:40:28
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 8 GB (4%) free of 200 GB
Total RAM: 4095 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:40:33, on 22. 11. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18525)
Boot mode: Normal

Running processes:
C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe
C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Users\Peter\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe
C:\Users\Peter\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
C:\Users\Peter\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
C:\Users\Peter\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe
C:\Users\Peter\AppData\Local\RadioSure\RadioSure.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files\trend micro\Peter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=147 ... 2331123311
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=147 ... 2331123311
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=147 ... 2331123311
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.amisites.com/search/?type=ds ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.amisites.com/search/?type=ds ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=147 ... 2331123311
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.amisites.com/search/?type=ds ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.amisites.com/search/?type=ds ... earchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [XChatSE] "C:\IRC\xchat.exe" --minimize=2
O4 - HKCU\..\Run: [icq.desktop] "C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [001d46a7] C:\Users\Peter\AppData\Local\Temp\world-super-ext.exe
O4 - HKCU\..\Run: [001dae8c] C:\Users\Peter\AppData\Local\Temp\world-super-ext.exe
O4 - Startup: Facebook Gameroom.lnk = Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
O4 - Startup: MEGAsync.lnk = Peter\AppData\Local\MEGAsync\MEGAsync.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ed2k idle service (ed2kidle) - http://www.amule.org/ - C:\Program Files (x86)\amuleC1\ed2k.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: YAC Service (iSafeService) - Elex do Brasil Participaçoes Ltda - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
O23 - Service: iThemes5 - Unknown owner - rundll32.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UvConv - Unknown owner - C:\Users\Peter\AppData\Roaming\ibeib\UvConverter.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows - Unknown owner - C:\Windows\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11585 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
"C:\Windows\system32\nvvsvc.exe"
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs

c:\windows\system32\svchost.exe -k gpsvcgroup
rundll32 "C:\Program Files (x86)\Common Files\Services\iThemes.dll",fnde_svr
rundll32 "C:\Program Files (x86)\Common Files\Services\iThemes.dll",fnde_svr
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
c:\windows\system32\svchost.exe -k networkservice
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
taskeng.exe {7ACEF118-6CF1-4EDF-8F07-0C9BF2F714D6}
c:\windows\system32\svchost.exe -k localservicenonetwork
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\SysWOW64\svchost.exe -k ArcherGroupEx
c:\windows\system32\svchost.exe -k utcsvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Bitdefender Agent\ProductAgentService.exe"
C:\Windows\SysWOW64\svchost.exe -k Qovchgroserge
"C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"
"C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"
"C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe"
c:\windows\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\IRC\xchat.exe" --minimize=2
"C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe" /startup
c:\windows\system32\svchost.exe -k wersvcgroup
c:\windows\system32\svchost.exe -k secsvcs
C:\Windows\svchost.exe
"C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
\??\C:\Windows\system32\conhost.exe "91473777898466752718363606713302135681833081123147072798246075144835826469
"C:\Windows\csrss.exe" -l zcl.suprnova.cc:4042 -u kasyanoff.zcl -p 111
"C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe" fbgames://windows_startup/
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\System32\CTHELPER.EXE"
"C:\Users\Peter\AppData\Local\MEGAsync\MEGAsync.exe"
"C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe" /r
WLIDSvcM.exe 2668
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
CefSharp.BrowserSubprocess.exe --type=gpu-process --channel="2988.0.576417845\1830686678" --no-sandbox --lang=en-US --log-file="C:\Users\Peter\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 CanvasFrame/1.1.0.4 Safari/537.36 FacebookCanvasDesktop [FBAN/GamesWindowsDesktopApp; FBAV/1.1.0.4]" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,25,54,64 --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3182 --lang=en-US --log-file="C:\Users\Peter\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 CanvasFrame/1.1.0.4 Safari/537.36 FacebookCanvasDesktop [FBAN/GamesWindowsDesktopApp; FBAV/1.1.0.4]" /prefetch:2
"C:\Users\Peter\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\totalcmd\TOTALCMD64.EXE"
"C:\Users\Peter\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe" uTorrent_2592_00327328_1601542770 µTorrent4823DF041B09 uTorrent
"C:\Users\Peter\AppData\Local\RadioSure\RadioSure.exe"
taskmgr.exe /3
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"C:\Windows\system32\wuauclt.exe"
C:\Windows\SysWOW64\svchost.exe -k WinSAPSvc
"C:\Program Files (x86)\amuleC1\ed2k.exe" -downloadwhenidle
"C:\Users\Peter\AppData\Roaming\ibeib\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577}
C:\Windows\SysWOW64\svchost.exe -k LocalServiceir
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe"
"C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe"
taskeng.exe {0411969A-2CD8-415A-A48B-EF6146CC0E20}
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" "http://www.trotux.com/?z=22ae0d2a5db196 ... 11&type=hp"
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Program Files (x86)\Gunbean\Reports\Dump" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=54.0.2840.71 --handshake-handle=0x94
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=gpu-process --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,14,15,16,19,33,59,73 --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3182 --gpu-driver-date=11-11-2013 --mojo-application-channel-token=660E5683B8F7BEE57A675EC36AB633E1 --mojo-platform-channel-handle=1084 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=616DB700D0704F7FC07B1EF8A9730D04 --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=616DB700D0704F7FC07B1EF8A9730D04 --channel="7404.2.1000673407\40885733" --mojo-platform-channel-handle=2356 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=45530BCB2116000EFC26B4B29A83BB0C --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=45530BCB2116000EFC26B4B29A83BB0C --channel="7404.3.1312008602\363355632" --mojo-platform-channel-handle=2128 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=9BE5042690BE9A29EF94525FAD548310 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=9BE5042690BE9A29EF94525FAD548310 --channel="7404.5.353909780\842867403" --mojo-platform-channel-handle=4444 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=A37B6439A4AC97724519D175B8CF9371 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=A37B6439A4AC97724519D175B8CF9371 --channel="7404.8.1920463184\1842171923" --mojo-platform-channel-handle=5160 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=AD0AB4ED684945F45B3BEB6FB68C4EA3 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=AD0AB4ED684945F45B3BEB6FB68C4EA3 --channel="7404.10.2013892061\428892474" --mojo-platform-channel-handle=2292 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=ppapi --ppapi-flash-args --lang=sk --device-scale-factor=1 --mojo-application-channel-token=434248BCF9BD6059B73C065DEA897594 --mojo-platform-channel-handle=2012 --ignored=" --type=renderer " /prefetch:3
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=C4B0D3A2C4B296D9826CAF8964E1CC83 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=C4B0D3A2C4B296D9826CAF8964E1CC83 --channel="7404.13.1403109635\1102575119" --mojo-platform-channel-handle=5400 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=EF31B4B3F81C62ED2EBDEF1AE806C988 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=EF31B4B3F81C62ED2EBDEF1AE806C988 --channel="7404.14.1077434129\843820026" --mojo-platform-channel-handle=4724 /prefetch:1
C:\Windows\system32\prevhost.exe {914FEED8-267A-4BAA-B8AA-21E233792679} -Embedding
"C:\Program Files\Windows Media Player\wmprph.exe" -Embedding
"C:\Users\Peter\Downloads\RSITx64.exe"
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=3E0AAEDD4AADFB1FA6F206E3EA50E4ED --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=3E0AAEDD4AADFB1FA6F206E3EA50E4ED --channel="7404.15.692849141\1445479018" --mojo-platform-channel-handle=6068 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\UCBrowserUpdater.job - C:\Program Files (x86)\UCBrowser\Application\update_task.exe /update

=========Mozilla firefox=========

ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.luckysearch123.com?type=hp&t ... 3ocbazegcc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@unity3d.com/UnityPlayer64,version=1.0]
"Description"=Unity Player 4.6.6f2
"Path"=C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll

C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\extensions\
amcontextmenu@loucypher
arthurj8283@gmail.com

C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\searchplugins\
amisites.xml
luck.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-04 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-04 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"=REGSVR32 /S CTASIO.DLL []
"AsioThk32Reg"=C:\Windows\SYSWOW64\REGSVR32.EXE [2009-07-14 14848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"XChatSE"=C:\IRC\xchat.exe [2015-09-12 320512]
"icq.desktop"=C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe [2016-11-18 26344584]
"uTorrent"=C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe [2016-04-06 4888064]
"001d46a7"=C:\Users\Peter\AppData\Local\Temp\world-super-ext.exe []
"001dae8c"=C:\Users\Peter\AppData\Local\Temp\world-super-ext.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21 1156824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
RunDll32 P17RunE.dll,RunDLLEntry []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2013-04-12 80480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
C:\PROGRA~1\RAINME~1\RAINME~1.EXE [2013-10-29 36536]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"=REGSVR32 /S CTASIO.DLL []
"CTHelper"=CTHELPER.EXE []
"CTSysVol"=C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Gameroom.lnk - C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
MEGAsync.lnk - C:\Users\Peter\AppData\Local\MEGAsync\MEGAsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5EBD559E-A5BA-11E6-B9FD-64006A5CFC23}"=C:\Users\Peter\AppData\Roaming\Phucusy\Pipothzo.dll [2016-11-18 146944]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Ace Translator\AceTrans.exe"="C:\Program Files (x86)\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\Ace Translator\AceTrans.exe"="C:\Program Files (x86)\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"vidc.pDAD"=prodad-codec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-11-22 16:23:48 ----A---- C:\Windows\system32\drivers\iSafeNetFilter.sys
2016-11-22 16:23:48 ----A---- C:\Windows\system32\drivers\iSafeKrnlBoot.sys
2016-11-22 16:23:45 ----D---- C:\Windows\system32\log
2016-11-22 16:23:43 ----D---- C:\Users\Peter\AppData\Roaming\Elex-tech
2016-11-22 16:23:43 ----D---- C:\Program Files (x86)\Elex-tech
2016-11-22 16:22:23 ----D---- C:\ProgramData\PreEmptive Solutions
2016-11-22 16:22:17 ----D---- C:\Program Files (x86)\Gunbean
2016-11-22 12:04:06 ----D---- C:\Users\Peter\AppData\Roaming\ibeib
2016-11-22 12:04:00 ----D---- C:\Program Files (x86)\UvConverter
2016-11-22 12:03:39 ----D---- C:\Users\Peter\AppData\Roaming\aMule
2016-11-22 12:03:39 ----D---- C:\Program Files (x86)\amuleC1
2016-11-22 11:53:06 ----D---- C:\Program Files (x86)\o3zf4ykj
2016-11-19 11:17:21 ----D---- C:\ProgramData\WinSAPSvc
2016-11-19 11:17:10 ----D---- C:\Program Files (x86)\WinArcher
2016-11-19 11:17:07 ----D---- C:\ProgramData\ChelfNotify
2016-11-19 11:16:06 ----D---- C:\Program Files (x86)\bbj0vu03
2016-11-19 11:08:23 ----D---- C:\Program Files (x86)\SafeNet Sentinel
2016-11-19 11:05:26 ----AD---- C:\ADCDA2
2016-11-18 20:46:10 ----D---- C:\Program Files (x86)\UCBrowser
2016-11-18 20:42:56 ----D---- C:\ProgramData\Avira
2016-11-18 20:42:56 ----D---- C:\ProgramData\Avg
2016-11-18 20:41:44 ----D---- C:\Windows\Azart
2016-11-18 20:41:44 ----A---- C:\Windows\svchost.exe
2016-11-18 20:41:41 ----A---- C:\Windows\csrss.exe
2016-11-18 20:41:40 ----D---- C:\Users\Peter\AppData\Roaming\Phucusy
2016-11-18 20:41:26 ----D---- C:\Users\Peter\AppData\Roaming\Profiles
2016-11-18 20:41:25 ----A---- C:\Windows\taskmgr.exe
2016-11-18 20:41:20 ----D---- C:\Program Files (x86)\Gijqwiy
2016-11-18 19:00:02 ----D---- C:\Program Files (x86)\nodongle.biz
2016-11-18 18:59:32 ----A---- C:\Windows\system32\drivers\sentinel64.sys
2016-11-18 18:59:17 ----D---- C:\ProgramData\SafeNet Sentinel
2016-11-09 10:42:42 ----A---- C:\Windows\system32\mshtml.dll
2016-11-09 10:42:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-11-09 10:42:37 ----A---- C:\Windows\system32\ieframe.dll
2016-11-09 10:42:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-11-09 10:42:32 ----A---- C:\Windows\system32\jscript9.dll
2016-11-09 10:42:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-11-09 10:42:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-11-09 10:42:29 ----A---- C:\Windows\system32\wininet.dll
2016-11-09 10:42:28 ----A---- C:\Windows\system32\win32k.sys
2016-11-09 10:42:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-11-09 10:42:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-11-09 10:42:26 ----A---- C:\Windows\system32\iertutil.dll
2016-11-09 10:42:25 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-11-09 10:42:25 ----A---- C:\Windows\system32\urlmon.dll
2016-11-09 10:42:24 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2016-11-09 10:42:24 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\UIAnimation.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\ntdll.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\MSVidCtl.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\lsasrv.dll
2016-11-09 10:42:23 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-11-09 10:42:22 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-11-09 10:42:22 ----A---- C:\Windows\SYSWOW64\MSVidCtl.dll
2016-11-09 10:42:22 ----A---- C:\Windows\system32\msv1_0.dll
2016-11-09 10:42:21 ----A---- C:\Windows\system32\win32spl.dll
2016-11-09 10:42:21 ----A---- C:\Windows\system32\clfs.sys
2016-11-09 10:42:20 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-11-09 10:42:20 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-11-09 10:42:20 ----A---- C:\Windows\system32\atmfd.dll
2016-11-09 10:42:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-11-09 10:42:18 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-11-09 10:42:18 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2016-11-09 10:42:18 ----A---- C:\Windows\system32\msfeeds.dll
2016-11-09 10:42:18 ----A---- C:\Windows\system32\inetcomm.dll
2016-11-09 10:42:18 ----A---- C:\Windows\system32\IMJP10K.DLL
2016-11-09 10:42:18 ----A---- C:\Windows\system32\ie4uinit.exe
2016-11-09 10:42:17 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-11-09 10:42:17 ----A---- C:\Windows\system32\msctf.dll
2016-11-09 10:42:16 ----A---- C:\Windows\system32\iedkcs32.dll
2016-11-09 10:42:16 ----A---- C:\Windows\system32\drivers\bowser.sys
2016-11-09 10:42:15 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-11-09 10:42:15 ----A---- C:\Windows\system32\UtcResources.dll
2016-11-09 10:42:15 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\input.dll
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2016-11-09 10:42:14 ----A---- C:\Windows\system32\oleaut32.dll
2016-11-09 10:42:14 ----A---- C:\Windows\system32\input.dll
2016-11-09 10:42:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-11-09 10:42:14 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-11-09 10:42:14 ----A---- C:\Windows\system32\asycfilt.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\msctf.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\webcheck.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\msrating.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\mshtmled.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\dxtrans.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\dxtmsft.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\certcli.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\vbscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\rpcrt4.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\occache.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\jsproxy.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\jscript9diag.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\jscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\inseng.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\INETRES.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieUnatt.exe
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieui.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\iesetup.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\iernonce.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\lpk.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wow64win.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wow64cpu.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wow64.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\winsrv.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wdigest.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\TSpkg.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\sspisrv.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\sspicli.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\srcore.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\srclient.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\smss.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\schannel.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\secur32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\rstrui.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\rpchttp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ntvdm64.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ncrypt.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\lsass.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\lpk.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\KernelBase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\kernel32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\kerberos.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ieapfltr.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\fontsub.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\appid.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\dciman32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\csrsrv.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\cryptbase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\credssp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\conhost.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\auditpol.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\atmlib.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\appidsvc.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\appidapi.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\advapi32.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\user.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\tzres.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\msobjs.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\msaudite.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 10:42:09 ----A---- C:\Windows\system32\apisetschema.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\adtschema.dll
2016-11-09 10:41:36 ----A---- C:\Windows\system32\diagtrack.dll

======List of files/folders modified in the last 1 month======

2016-11-22 16:40:29 ----D---- C:\Program Files\trend micro
2016-11-22 16:40:27 ----D---- C:\Windows\Temp
2016-11-22 16:40:05 ----D---- C:\Users\Peter\AppData\Roaming\uTorrent
2016-11-22 16:23:48 ----D---- C:\Windows\system32\drivers
2016-11-22 16:23:45 ----D---- C:\Windows\System32
2016-11-22 16:23:43 ----RD---- C:\Program Files (x86)
2016-11-22 16:23:11 ----D---- C:\Windows\SysWOW64
2016-11-22 16:22:23 ----D---- C:\ProgramData
2016-11-22 16:21:34 ----D---- C:\Program Files\Bitdefender Agent
2016-11-22 12:13:15 ----D---- C:\Windows\system32\config
2016-11-22 12:04:23 ----SHD---- C:\Windows\Installer
2016-11-22 12:04:22 ----D---- C:\Config.Msi
2016-11-22 12:00:30 ----SHD---- C:\System Volume Information
2016-11-22 11:53:19 ----D---- C:\Windows\system32\Tasks
2016-11-21 04:01:50 ----D---- C:\Windows\inf
2016-11-20 16:29:28 ----D---- C:\Users\Peter\AppData\Roaming\TeamViewer
2016-11-20 16:29:02 ----D---- C:\Windows
2016-11-19 15:19:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-11-19 11:39:44 ----D---- C:\Windows\system32\DriverStore
2016-11-19 11:08:33 ----D---- C:\Windows\system32\catroot
2016-11-19 11:08:23 ----D---- C:\Program Files (x86)\Common Files
2016-11-18 21:08:58 ----D---- C:\AdwCleaner
2016-11-18 21:08:42 ----D---- C:\Windows\Tasks
2016-11-18 20:42:56 ----D---- C:\ProgramData\AVAST Software
2016-11-18 20:42:56 ----D---- C:\Program Files (x86)\TuneUp Utilities 2012
2016-11-18 20:42:56 ----D---- C:\Program Files (x86)\DivX
2016-11-18 20:42:56 ----D---- C:\Program Files (x86)\CrystalDiskInfo
2016-11-18 20:42:27 ----RD---- C:\Program Files (x86)\Skype
2016-11-18 20:42:27 ----HD---- C:\Program Files (x86)\Uninstall Information
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\ZbrojniPrukaz
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Zbani
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\YoWindow
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\xchat
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Winter Sports 2012
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Sidebar
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Portable Devices
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows NT
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Media Player
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Mail
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Live
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Defender
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Winamp
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\VirtualDJ
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\VideoLAN
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Valve
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\uTorrent
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\TuneUp Utilities 2013
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\trend micro
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\THQ
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\TeamViewer
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\SpeedVID
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Simple Shutdown Timer
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\SimBin
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Shock Utility
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Seznam.cz
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Reference Assemblies
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Rebellion
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Real
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\RailWorks
2016-11-18 20:42:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-11-18 20:42:26 ----HD---- C:\Program Files (x86)\Creative Installation Information
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\RailSimulator.com
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\PC Tools Security
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Origin
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Oracle
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\OpenAL
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NSIS Uninstall Information
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NewBlue
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Nero
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NAMCO BANDAI Games
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\N3V Games
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\MSXML 4.0
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\MSBuild
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft WSE
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Works
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Office
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Maxthon
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Marvell
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Ladicka
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Kalypso Media
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\JDownloader
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Java
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\IObit
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Internet Explorer
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Intel
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.5.1
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.5
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.4
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.2
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Charles
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Guitar Pro 5
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Google
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\GoldWave
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\GameSpy Arcade
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Game Booster Premium 2.0 Retail
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Full Tilt Poker
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\FlatOut 3
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\FileHippo.com
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Fiddler2
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Exact Audio Copy
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Electronic Arts
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\EA GAMES
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\DsNET Corp
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Disney Interactive Studios
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Deep Silver
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\CyberLink
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Crystal Software
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Creative
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Crash Time 4 - The Syndicate
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Counter-Strike 1.6
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Codemasters
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Bonjour
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\BandiMPEG1
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Bandicam
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Audio Editor Gold
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Atari
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Ahead
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Aerosoft
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Adobe
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Activision
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\ACD Systems
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Ableton
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\8BallRuler
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\1C Company
2016-11-18 20:41:48 ----D---- C:\Windows\Prefetch
2016-11-18 19:07:34 ----D---- C:\Users\Peter\AppData\Roaming\ICQ
2016-11-16 14:14:45 ----D---- C:\Users\Peter\AppData\Roaming\Skype
2016-11-14 14:59:53 ----D---- C:\ProgramData\Skype
2016-11-11 04:17:48 ----D---- C:\Windows\winsxs
2016-11-10 20:26:45 ----D---- C:\Program Files\Internet Explorer
2016-11-10 20:26:44 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-11-10 20:26:44 ----D---- C:\Windows\SYSWOW64\migration
2016-11-10 20:26:43 ----D---- C:\Windows\SYSWOW64\en-US
2016-11-10 20:26:41 ----D---- C:\Windows\system32\sk-SK
2016-11-10 20:26:41 ----D---- C:\Windows\system32\migration
2016-11-10 20:26:39 ----D---- C:\Windows\system32\en-US
2016-11-10 20:26:36 ----D---- C:\Windows\AppPatch
2016-11-10 20:26:35 ----D---- C:\Windows\system32\Boot
2016-11-10 04:41:27 ----D---- C:\Windows\system32\MRT
2016-11-10 04:30:00 ----AC---- C:\Windows\system32\MRT.exe
2016-11-10 04:28:32 ----D---- C:\ProgramData\Microsoft Help
2016-11-10 04:18:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-11-10 04:18:34 ----D---- C:\Windows\system32\Macromed
2016-11-10 04:18:32 ----D---- C:\Windows\SYSWOW64\Macromed
2016-11-09 10:33:18 ----D---- C:\Windows\system32\catroot2
2016-10-30 18:25:15 ----D---- C:\Windows\Microsoft.NET
2016-10-29 14:54:09 ----D---- C:\Program Files\CCleaner
2016-10-26 16:29:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 audas0;%audas0.SvcDescr%; C:\Windows\system32\DRIVERS\audas0.sys [2016-11-19 1191040]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-25 26528]
R1 iSafeKrnl;YAC Mini-Filter Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [2016-05-23 262344]
R1 iSafeKrnlKit;YAC Kit Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [2016-05-23 110112]
R1 iSafeKrnlMon;YAC Monitor Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [2016-05-23 52440]
R1 iSafeKrnlR3;YAC Ring3 Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [2016-05-23 103904]
R1 iSafeNetFilter;YAC NDIS Driver; C:\Windows\system32\DRIVERS\iSafeNetFilter.sys [2016-05-19 52392]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-02-02 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-02-02 43680]
R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-05-14 196384]
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2007-12-06 1276928]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-05-14 33008]
S1 UCGuard;UCGuard; C:\Windows\system32\DRIVERS\ucguard.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [2005-08-03 151552]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2005-08-03 573952]
S3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2005-08-03 738560]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [2005-08-03 695808]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [2005-08-03 208896]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [2005-08-03 316928]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [2005-08-03 169472]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [2005-08-03 356864]
S3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2005-08-03 9728]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [2005-08-03 676864]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2005-08-03 284160]
S3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2005-08-03 130048]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2005-08-03 1300480]
S3 iSafeKrnlBoot;YAC Boot Driver; C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys [2016-05-23 55056]
S3 kxwdmdrv;kX WDM Driver Service; C:\Windows\system32\drivers\kx.sys []
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2005-08-03 205824]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2014-02-15 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2014-02-15 57856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 Archer;Archer; C:\Windows\SysWOW64\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ed2kidle;ed2k idle service; C:\Program Files (x86)\amuleC1\ed2k.exe [2016-11-16 237568]
R2 iSafeService;YAC Service; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [2016-08-19 131024]
R2 MCSvc;Microsoft Cache Service; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-11-11 922912]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-08-08 76888]
R2 ProductAgentService;ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [2016-10-28 1100392]
R2 Qovchgroserge;Qovchgroserge; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2013-01-09 376832]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2013-01-09 1259872]
R2 SentinelSecurityRuntime;Sentinel Security Runtime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2013-01-09 293216]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-05-02 7031056]
R2 UvConv;UvConv; C:\Users\Peter\AppData\Roaming\ibeib\UvConverter.exe [2016-11-15 393216]
R2 Windows;Windows; C:\Windows\svchost.exe [2016-11-18 177152]
R2 WinSAPSvc;WinSAPSvc; C:\Windows\SysWOW64\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 iThemes5;iThemes5; rundll32 C:\Program Files (x86)\Common Files\Services\iThemes.dll,fnde_svr []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07 154440]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10 270016]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-10-27 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-22 172488]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-20 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

PureHate44
Visitor
Posts: 158
Joined: 28 Jun 2011 17:49

Re: Infected PC

#3 Post by PureHate44 »

# AdwCleaner v6.030 - Logfile created 22/11/2016 at 19:30:52
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-21.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Peter - PETER-PC
# Running from : C:\Users\Peter\Downloads\adwcleaner_6.030 (1).exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: Archer
[-] Service deleted: ed2kidle
[-] Service deleted: UvConv


***** [ Folders ] *****

[#] Folder deleted on reboot: C:\Users\Peter\AppData\Roaming\Elex-tech
[-] Folder deleted: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
[-] Folder deleted: C:\ProgramData\ChelfNotify
[-] Folder deleted: C:\ProgramData\WinSAPSvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ChelfNotify
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WinSAPSvc
[#] Folder deleted on reboot: C:\Program Files (x86)\Elex-tech
[-] Folder deleted: C:\Program Files (x86)\WinArcher
[-] Folder deleted: C:\Program Files (x86)\UvConverter
[-] Folder deleted: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[-] Folder deleted: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\extensions\arthurj8283@gmail.com
[#] Folder deleted on reboot: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\extensions\arthurj8283@gmail.com
[-] Folder deleted: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\extensions\amcontextmenu@loucypher
[#] Folder deleted on reboot: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\extensions\arthurj8283@gmail.com
[#] Folder deleted on reboot: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\extensions\arthurj8283@gmail.com


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
[-] File deleted: C:\Windows\SysNative\drivers\iSafeNetFilter.sys
[#] File deleted: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\searchplugins\amisites.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 27.lnk
[-] Shortcut disinfected: C:\Users\Peter\Desktop\Start Tor Browser.lnk
[-] Shortcut disinfected: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
[-] Shortcut disinfected: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut disinfected: C:\Users\Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk


***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnl
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlBoot
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlKit
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlMon
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlR3
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\iSafeNetFilter
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\iSafeService
[-] Key deleted: HKU\.DEFAULT\Software\jhdbca
[#] Key deleted on reboot: HKU\S-1-5-18\Software\jhdbca
[-] Key deleted: HKLM\SOFTWARE\Elex-tech
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\jhdbca
[-] Key deleted: HKLM\SOFTWARE\WinArcher
[-] Key deleted: HKLM\SOFTWARE\amule-custom
[-] Key deleted: HKLM\SOFTWARE\amisitesSoftware
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Key deleted: [x64] HKLM\SOFTWARE\jhdbca
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
[#] Data restored on reboot: HKU\S-1-5-21-3097850436-798593565-2399696651-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data restored on reboot: HKU\S-1-5-21-3097850436-798593565-2399696651-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data restored on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[#] Data restored on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data restored on reboot: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[#] Data restored on reboot: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Key deleted: HKU\S-1-5-21-3097850436-798593565-2399696651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: HKU\S-1-5-21-3097850436-798593565-2399696651-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data restored on reboot: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]


***** [ Web browsers ] *****

[-] [C:\Users\Peter\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: trotux
[-] [C:\Users\Peter\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: amisites
[-] [C:\Users\Peter\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Deleted: hxxp://www.amisites.com/searchfavicon.ico


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2700 Bytes] - [30/04/2016 13:06:27]
C:\AdwCleaner\AdwCleaner[C2].txt - [2283 Bytes] - [10/09/2016 19:20:06]
C:\AdwCleaner\AdwCleaner[C3].txt - [5437 Bytes] - [18/11/2016 21:08:58]
C:\AdwCleaner\AdwCleaner[C4].txt - [10019 Bytes] - [22/11/2016 19:30:52]
C:\AdwCleaner\AdwCleaner[R8].txt - [1322 Bytes] - [25/03/2015 21:30:17]
C:\AdwCleaner\AdwCleaner[R9].txt - [6767 Bytes] - [18/04/2015 12:57:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [2775 Bytes] - [30/04/2016 13:03:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [2338 Bytes] - [10/09/2016 19:19:39]
C:\AdwCleaner\AdwCleaner[S4].txt - [5264 Bytes] - [18/11/2016 21:06:01]
C:\AdwCleaner\AdwCleaner[S5].txt - [13560 Bytes] - [22/11/2016 19:25:30]
C:\AdwCleaner\AdwCleaner[S6].txt - [13582 Bytes] - [22/11/2016 19:29:02]
C:\AdwCleaner\AdwCleaner[S7].txt - [1398 Bytes] - [25/03/2015 21:32:04]
C:\AdwCleaner\AdwCleaner[S8].txt - [2363 Bytes] - [18/04/2015 12:58:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [10752 Bytes] ##########

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC

#4 Post by Rudy »

Post a new RSIT log.

PureHate44
Visitor
Posts: 158
Joined: 28 Jun 2011 17:49

Re: Infected PC

#5 Post by PureHate44 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2016-11-22 20:34:47
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 8 GB (4%) free of 200 GB
Total RAM: 4095 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:34:53, on 22. 11. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18525)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe
C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe
C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
C:\Users\Peter\AppData\Local\MEGAsync\MEGAsync.exe
C:\Users\Peter\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
C:\Users\Peter\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files\trend micro\Peter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [XChatSE] "C:\IRC\xchat.exe" --minimize=2
O4 - HKCU\..\Run: [icq.desktop] "C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [001d46a7] C:\Users\Peter\AppData\Local\Temp\world-super-ext.exe
O4 - HKCU\..\Run: [001dae8c] C:\Users\Peter\AppData\Local\Temp\world-super-ext.exe
O4 - Startup: Facebook Gameroom.lnk = Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
O4 - Startup: MEGAsync.lnk = Peter\AppData\Local\MEGAsync\MEGAsync.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: YAC Service (iSafeService) - Elex do Brasil Participaçoes Ltda - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
O23 - Service: iThemes5 - Unknown owner - rundll32.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows - Unknown owner - C:\Windows\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9713 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
"C:\Windows\system32\nvvsvc.exe"
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs

c:\windows\system32\svchost.exe -k gpsvcgroup
rundll32 "C:\Program Files (x86)\Common Files\Services\iThemes.dll",fnde_svr
rundll32 "C:\Program Files (x86)\Common Files\Services\iThemes.dll",fnde_svr
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
c:\windows\system32\svchost.exe -k networkservice
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
c:\windows\system32\svchost.exe -k localservicenonetwork
taskeng.exe {884F6692-610E-4165-B2F4-64350D1433D7}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k utcsvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
C:\Windows\SysWOW64\svchost.exe -k LocalServiceir
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Bitdefender Agent\ProductAgentService.exe"
C:\Windows\SysWOW64\svchost.exe -k Qovchgroserge
"C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"
"C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"
"C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe"
c:\windows\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
c:\windows\system32\svchost.exe -k wersvcgroup
c:\windows\system32\svchost.exe -k secsvcs
C:\Windows\svchost.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
\??\C:\Windows\system32\conhost.exe "3791115901875781063974663765-193939349321215047216259426-8301958331226210740
"C:\Windows\csrss.exe" -l zcl.suprnova.cc:4042 -u kasyanoff.zcl -p 111
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
WLIDSvcM.exe 2984
"C:\IRC\xchat.exe" --minimize=2
"C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe" /startup
"C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe"
"C:\Windows\System32\CTHELPER.EXE"
"C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe" /r
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
"C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe" fbgames://windows_startup/
"C:\Users\Peter\AppData\Local\MEGAsync\MEGAsync.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Users\Peter\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe"
CefSharp.BrowserSubprocess.exe --type=gpu-process --channel="3512.0.1548895197\1142776759" --no-sandbox --lang=en-US --log-file="C:\Users\Peter\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 CanvasFrame/1.1.0.4 Safari/537.36 FacebookCanvasDesktop [FBAN/GamesWindowsDesktopApp; FBAV/1.1.0.4]" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,25,54,64 --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3182 --lang=en-US --log-file="C:\Users\Peter\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 CanvasFrame/1.1.0.4 Safari/537.36 FacebookCanvasDesktop [FBAN/GamesWindowsDesktopApp; FBAV/1.1.0.4]" /prefetch:2
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" "http://www.trotux.com/?z=22ae0d2a5db196 ... 11&type=hp"
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Program Files (x86)\Gunbean\Reports\Dump" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=54.0.2840.71 --handshake-handle=0x94
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=gpu-process --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,14,15,16,19,33,59,73 --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3182 --gpu-driver-date=11-11-2013 --mojo-application-channel-token=DB65444B088B37D4DB9B20F4CB140693 --mojo-platform-channel-handle=1080 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=3471AB55C9C1185268D6C121A3334F21 --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=3471AB55C9C1185268D6C121A3334F21 --channel="5288.2.1436168709\797053084" --mojo-platform-channel-handle=2396 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=365C0D5F5861237C96F4D5D62675BCCF --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=365C0D5F5861237C96F4D5D62675BCCF --channel="5288.3.2084752288\1772619953" --mojo-platform-channel-handle=2676 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=14D9D87338E3B91291C358748CC2AA70 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=14D9D87338E3B91291C358748CC2AA70 --channel="5288.8.1147324109\525338745" --mojo-platform-channel-handle=4384 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=ppapi --ppapi-flash-args --lang=sk --device-scale-factor=1 --mojo-application-channel-token=BDA4528539ACDD29B7EB7E638D6E7E40 --mojo-platform-channel-handle=4052 --ignored=" --type=renderer " /prefetch:3
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=E8FC9645F089617079375E0206D95292 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=E8FC9645F089617079375E0206D95292 --channel="5288.11.1496676932\2125239133" --mojo-platform-channel-handle=5280 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=03351BE75ABC5F39CCA4717296B21322 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=03351BE75ABC5F39CCA4717296B21322 --channel="5288.12.484163996\639636357" --mojo-platform-channel-handle=4712 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=FD23C79404F2130E1E7C8EBF6F335745 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=FD23C79404F2130E1E7C8EBF6F335745 --channel="5288.13.1157137216\524164384" --mojo-platform-channel-handle=3868 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=C7BEDF26F48A3FD24F8CA479EADBBE75 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=C7BEDF26F48A3FD24F8CA479EADBBE75 --channel="5288.18.128207683\909275814" --mojo-platform-channel-handle=5832 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=4FFE8CFCF6EC8787C4C184BF83251604 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=4FFE8CFCF6EC8787C4C184BF83251604 --channel="5288.19.945144411\1342516652" --mojo-platform-channel-handle=5784 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=5D8B48D256D975035B21B5B685AFFC50 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=5D8B48D256D975035B21B5B685AFFC50 --channel="5288.20.1205229522\1298218992" --mojo-platform-channel-handle=3872 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=791022D015B17BF579B32F4127C6E56B --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=791022D015B17BF579B32F4127C6E56B --channel="5288.21.1646407079\1340269791" --mojo-platform-channel-handle=1908 /prefetch:1
"C:\Users\Peter\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\UCBrowserUpdater.job - C:\Program Files (x86)\UCBrowser\Application\update_task.exe /update

=========Mozilla firefox=========

ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.luckysearch123.com?type=hp&t ... 3ocbazegcc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@unity3d.com/UnityPlayer64,version=1.0]
"Description"=Unity Player 4.6.6f2
"Path"=C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll

C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\searchplugins\
amisites.xml
luck.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-04 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-04 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"=REGSVR32 /S CTASIO.DLL []
"AsioThk32Reg"=C:\Windows\SYSWOW64\REGSVR32.EXE [2009-07-14 14848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"XChatSE"=C:\IRC\xchat.exe [2015-09-12 320512]
"icq.desktop"=C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe [2016-11-18 26344584]
"uTorrent"=C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe [2016-04-06 4888064]
"001d46a7"=C:\Users\Peter\AppData\Local\Temp\world-super-ext.exe []
"001dae8c"=C:\Users\Peter\AppData\Local\Temp\world-super-ext.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21 1156824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
RunDll32 P17RunE.dll,RunDLLEntry []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2013-04-12 80480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
C:\PROGRA~1\RAINME~1\RAINME~1.EXE [2013-10-29 36536]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"=REGSVR32 /S CTASIO.DLL []
"CTHelper"=CTHELPER.EXE []
"CTSysVol"=C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Gameroom.lnk - C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
MEGAsync.lnk - C:\Users\Peter\AppData\Local\MEGAsync\MEGAsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5EBD559E-A5BA-11E6-B9FD-64006A5CFC23}"=C:\Users\Peter\AppData\Roaming\Phucusy\Pipothzo.dll [2016-11-18 146944]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Ace Translator\AceTrans.exe"="C:\Program Files (x86)\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\Ace Translator\AceTrans.exe"="C:\Program Files (x86)\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"vidc.pDAD"=prodad-codec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-11-22 19:34:14 ----A---- C:\Windows\system32\drivers\iSafeNetFilter.sys
2016-11-22 16:23:45 ----D---- C:\Windows\system32\log
2016-11-22 16:23:43 ----D---- C:\Users\Peter\AppData\Roaming\Elex-tech
2016-11-22 16:23:43 ----D---- C:\Program Files (x86)\Elex-tech
2016-11-22 16:22:23 ----D---- C:\ProgramData\PreEmptive Solutions
2016-11-22 16:22:17 ----D---- C:\Program Files (x86)\Gunbean
2016-11-22 12:04:06 ----D---- C:\Users\Peter\AppData\Roaming\ibeib
2016-11-22 12:03:39 ----D---- C:\Users\Peter\AppData\Roaming\aMule
2016-11-22 12:03:39 ----D---- C:\Program Files (x86)\amuleC1
2016-11-22 11:53:06 ----D---- C:\Program Files (x86)\o3zf4ykj
2016-11-19 11:16:06 ----D---- C:\Program Files (x86)\bbj0vu03
2016-11-19 11:08:23 ----D---- C:\Program Files (x86)\SafeNet Sentinel
2016-11-19 11:05:26 ----AD---- C:\ADCDA2
2016-11-18 20:46:10 ----D---- C:\Program Files (x86)\UCBrowser
2016-11-18 20:42:56 ----D---- C:\ProgramData\Avira
2016-11-18 20:42:56 ----D---- C:\ProgramData\Avg
2016-11-18 20:41:44 ----D---- C:\Windows\Azart
2016-11-18 20:41:44 ----A---- C:\Windows\svchost.exe
2016-11-18 20:41:41 ----A---- C:\Windows\csrss.exe
2016-11-18 20:41:40 ----D---- C:\Users\Peter\AppData\Roaming\Phucusy
2016-11-18 20:41:26 ----D---- C:\Users\Peter\AppData\Roaming\Profiles
2016-11-18 20:41:25 ----A---- C:\Windows\taskmgr.exe
2016-11-18 20:41:20 ----D---- C:\Program Files (x86)\Gijqwiy
2016-11-18 19:00:02 ----D---- C:\Program Files (x86)\nodongle.biz
2016-11-18 18:59:32 ----A---- C:\Windows\system32\drivers\sentinel64.sys
2016-11-18 18:59:17 ----D---- C:\ProgramData\SafeNet Sentinel
2016-11-09 10:42:42 ----A---- C:\Windows\system32\mshtml.dll
2016-11-09 10:42:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-11-09 10:42:37 ----A---- C:\Windows\system32\ieframe.dll
2016-11-09 10:42:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-11-09 10:42:32 ----A---- C:\Windows\system32\jscript9.dll
2016-11-09 10:42:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-11-09 10:42:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-11-09 10:42:29 ----A---- C:\Windows\system32\wininet.dll
2016-11-09 10:42:28 ----A---- C:\Windows\system32\win32k.sys
2016-11-09 10:42:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-11-09 10:42:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-11-09 10:42:26 ----A---- C:\Windows\system32\iertutil.dll
2016-11-09 10:42:25 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-11-09 10:42:25 ----A---- C:\Windows\system32\urlmon.dll
2016-11-09 10:42:24 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2016-11-09 10:42:24 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\UIAnimation.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\ntdll.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\MSVidCtl.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\lsasrv.dll
2016-11-09 10:42:23 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-11-09 10:42:22 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-11-09 10:42:22 ----A---- C:\Windows\SYSWOW64\MSVidCtl.dll
2016-11-09 10:42:22 ----A---- C:\Windows\system32\msv1_0.dll
2016-11-09 10:42:21 ----A---- C:\Windows\system32\win32spl.dll
2016-11-09 10:42:21 ----A---- C:\Windows\system32\clfs.sys
2016-11-09 10:42:20 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-11-09 10:42:20 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-11-09 10:42:20 ----A---- C:\Windows\system32\atmfd.dll
2016-11-09 10:42:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-11-09 10:42:18 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-11-09 10:42:18 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2016-11-09 10:42:18 ----A---- C:\Windows\system32\msfeeds.dll
2016-11-09 10:42:18 ----A---- C:\Windows\system32\inetcomm.dll
2016-11-09 10:42:18 ----A---- C:\Windows\system32\IMJP10K.DLL
2016-11-09 10:42:18 ----A---- C:\Windows\system32\ie4uinit.exe
2016-11-09 10:42:17 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-11-09 10:42:17 ----A---- C:\Windows\system32\msctf.dll
2016-11-09 10:42:16 ----A---- C:\Windows\system32\iedkcs32.dll
2016-11-09 10:42:16 ----A---- C:\Windows\system32\drivers\bowser.sys
2016-11-09 10:42:15 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-11-09 10:42:15 ----A---- C:\Windows\system32\UtcResources.dll
2016-11-09 10:42:15 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\input.dll
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2016-11-09 10:42:14 ----A---- C:\Windows\system32\oleaut32.dll
2016-11-09 10:42:14 ----A---- C:\Windows\system32\input.dll
2016-11-09 10:42:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-11-09 10:42:14 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-11-09 10:42:14 ----A---- C:\Windows\system32\asycfilt.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\msctf.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\webcheck.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\msrating.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\mshtmled.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\dxtrans.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\dxtmsft.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\certcli.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\vbscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\rpcrt4.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\occache.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\jsproxy.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\jscript9diag.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\jscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\inseng.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\INETRES.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieUnatt.exe
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieui.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\iesetup.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\iernonce.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\lpk.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wow64win.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wow64cpu.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wow64.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\winsrv.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wdigest.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\TSpkg.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\sspisrv.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\sspicli.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\srcore.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\srclient.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\smss.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\schannel.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\secur32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\rstrui.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\rpchttp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ntvdm64.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ncrypt.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\lsass.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\lpk.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\KernelBase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\kernel32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\kerberos.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ieapfltr.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\fontsub.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\appid.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\dciman32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\csrsrv.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\cryptbase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\credssp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\conhost.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\auditpol.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\atmlib.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\appidsvc.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\appidapi.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\advapi32.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\user.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\tzres.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\msobjs.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\msaudite.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 10:42:09 ----A---- C:\Windows\system32\apisetschema.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\adtschema.dll
2016-11-09 10:41:36 ----A---- C:\Windows\system32\diagtrack.dll

======List of files/folders modified in the last 1 month======

2016-11-22 20:34:48 ----D---- C:\Program Files\trend micro
2016-11-22 20:34:47 ----D---- C:\Users\Peter\AppData\Roaming\uTorrent
2016-11-22 20:34:40 ----D---- C:\Windows\Temp
2016-11-22 20:22:13 ----D---- C:\Program Files\Bitdefender Agent
2016-11-22 19:50:37 ----D---- C:\Windows\system32\config
2016-11-22 19:46:31 ----D---- C:\Users\Peter\AppData\Roaming\ICQ
2016-11-22 19:34:14 ----D---- C:\Windows\system32\drivers
2016-11-22 19:33:47 ----D---- C:\Windows\SysWOW64
2016-11-22 19:33:21 ----D---- C:\Windows
2016-11-22 19:30:52 ----D---- C:\AdwCleaner
2016-11-22 19:30:32 ----D---- C:\Windows\system32\Tasks
2016-11-22 19:30:27 ----RD---- C:\Program Files (x86)
2016-11-22 19:29:20 ----D---- C:\ProgramData
2016-11-22 16:23:45 ----D---- C:\Windows\System32
2016-11-22 12:04:23 ----SHD---- C:\Windows\Installer
2016-11-22 12:04:22 ----D---- C:\Config.Msi
2016-11-22 12:00:30 ----SHD---- C:\System Volume Information
2016-11-21 04:01:50 ----D---- C:\Windows\inf
2016-11-20 16:29:28 ----D---- C:\Users\Peter\AppData\Roaming\TeamViewer
2016-11-19 15:19:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-11-19 11:39:44 ----D---- C:\Windows\system32\DriverStore
2016-11-19 11:08:33 ----D---- C:\Windows\system32\catroot
2016-11-19 11:08:23 ----D---- C:\Program Files (x86)\Common Files
2016-11-18 21:08:42 ----D---- C:\Windows\Tasks
2016-11-18 20:42:56 ----D---- C:\ProgramData\AVAST Software
2016-11-18 20:42:56 ----D---- C:\Program Files (x86)\TuneUp Utilities 2012
2016-11-18 20:42:56 ----D---- C:\Program Files (x86)\DivX
2016-11-18 20:42:56 ----D---- C:\Program Files (x86)\CrystalDiskInfo
2016-11-18 20:42:27 ----RD---- C:\Program Files (x86)\Skype
2016-11-18 20:42:27 ----HD---- C:\Program Files (x86)\Uninstall Information
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\ZbrojniPrukaz
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Zbani
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\YoWindow
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\xchat
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Winter Sports 2012
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Sidebar
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Portable Devices
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows NT
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Media Player
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Mail
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Live
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Defender
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Winamp
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\VirtualDJ
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\VideoLAN
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Valve
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\uTorrent
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\TuneUp Utilities 2013
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\trend micro
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\THQ
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\TeamViewer
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\SpeedVID
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Simple Shutdown Timer
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\SimBin
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Shock Utility
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Seznam.cz
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Reference Assemblies
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Rebellion
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Real
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\RailWorks
2016-11-18 20:42:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-11-18 20:42:26 ----HD---- C:\Program Files (x86)\Creative Installation Information
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\RailSimulator.com
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\PC Tools Security
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Origin
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Oracle
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\OpenAL
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NSIS Uninstall Information
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NewBlue
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Nero
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NAMCO BANDAI Games
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\N3V Games
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\MSXML 4.0
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\MSBuild
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft WSE
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Works
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Office
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Maxthon
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Marvell
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Ladicka
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Kalypso Media
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\JDownloader
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Java
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\IObit
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Internet Explorer
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Intel
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.5.1
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.5
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.4
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.2
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Charles
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Guitar Pro 5
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Google
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\GoldWave
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\GameSpy Arcade
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Game Booster Premium 2.0 Retail
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Full Tilt Poker
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\FlatOut 3
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\FileHippo.com
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Fiddler2
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Exact Audio Copy
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Electronic Arts
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\EA GAMES
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\DsNET Corp
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Disney Interactive Studios
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Deep Silver
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\CyberLink
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Crystal Software
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Creative
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Crash Time 4 - The Syndicate
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Counter-Strike 1.6
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Codemasters
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Bonjour
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\BandiMPEG1
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Bandicam
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Audio Editor Gold
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Atari
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Ahead
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Aerosoft
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Adobe
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Activision
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\ACD Systems
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Ableton
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\8BallRuler
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\1C Company
2016-11-18 20:41:48 ----D---- C:\Windows\Prefetch
2016-11-16 14:14:45 ----D---- C:\Users\Peter\AppData\Roaming\Skype
2016-11-14 14:59:53 ----D---- C:\ProgramData\Skype
2016-11-11 04:17:48 ----D---- C:\Windows\winsxs
2016-11-10 20:26:45 ----D---- C:\Program Files\Internet Explorer
2016-11-10 20:26:44 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-11-10 20:26:44 ----D---- C:\Windows\SYSWOW64\migration
2016-11-10 20:26:43 ----D---- C:\Windows\SYSWOW64\en-US
2016-11-10 20:26:41 ----D---- C:\Windows\system32\sk-SK
2016-11-10 20:26:41 ----D---- C:\Windows\system32\migration
2016-11-10 20:26:39 ----D---- C:\Windows\system32\en-US
2016-11-10 20:26:36 ----D---- C:\Windows\AppPatch
2016-11-10 20:26:35 ----D---- C:\Windows\system32\Boot
2016-11-10 04:41:27 ----D---- C:\Windows\system32\MRT
2016-11-10 04:30:00 ----AC---- C:\Windows\system32\MRT.exe
2016-11-10 04:28:32 ----D---- C:\ProgramData\Microsoft Help
2016-11-10 04:18:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-11-10 04:18:34 ----D---- C:\Windows\system32\Macromed
2016-11-10 04:18:32 ----D---- C:\Windows\SYSWOW64\Macromed
2016-11-09 10:33:18 ----D---- C:\Windows\system32\catroot2
2016-10-30 18:25:15 ----D---- C:\Windows\Microsoft.NET
2016-10-29 14:54:09 ----D---- C:\Program Files\CCleaner
2016-10-26 16:29:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 audas0;%audas0.SvcDescr%; C:\Windows\system32\DRIVERS\audas0.sys [2016-11-19 1191040]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-25 26528]
R1 iSafeKrnl;YAC Mini-Filter Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [2016-05-23 262344]
R1 iSafeKrnlKit;YAC Kit Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [2016-05-23 110112]
R1 iSafeKrnlMon;YAC Monitor Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [2016-05-23 52440]
R1 iSafeKrnlR3;YAC Ring3 Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [2016-05-23 103904]
R1 iSafeNetFilter;YAC NDIS Driver; C:\Windows\system32\DRIVERS\iSafeNetFilter.sys [2016-05-19 52392]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-02-02 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-02-02 43680]
R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-05-14 196384]
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2007-12-06 1276928]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-05-14 33008]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [2005-08-03 151552]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2005-08-03 573952]
S3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2005-08-03 738560]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [2005-08-03 695808]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [2005-08-03 208896]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [2005-08-03 316928]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [2005-08-03 169472]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [2005-08-03 356864]
S3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2005-08-03 9728]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [2005-08-03 676864]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2005-08-03 284160]
S3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2005-08-03 130048]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2005-08-03 1300480]
S3 iSafeKrnlBoot;YAC Boot Driver; C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys []
S3 kxwdmdrv;kX WDM Driver Service; C:\Windows\system32\drivers\kx.sys []
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2005-08-03 205824]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2014-02-15 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2014-02-15 57856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 iSafeService;YAC Service; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [2016-08-19 131024]
R2 MCSvc;Microsoft Cache Service; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-11-11 922912]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-08-08 76888]
R2 ProductAgentService;ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [2016-10-28 1100392]
R2 Qovchgroserge;Qovchgroserge; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2013-01-09 376832]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2013-01-09 1259872]
R2 SentinelSecurityRuntime;Sentinel Security Runtime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2013-01-09 293216]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-05-02 7031056]
R2 Windows;Windows; C:\Windows\svchost.exe [2016-11-18 177152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 iThemes5;iThemes5; rundll32 C:\Program Files (x86)\Common Files\Services\iThemes.dll,fnde_svr []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07 154440]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10 270016]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-10-27 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-22 172488]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-20 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC

#6 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:
:files
C:\Users\Peter\AppData\Local\Temp\world-super-ext.exe
C:\Users\Peter\AppData\Roaming\Phucusy
C:\Program Files (x86)\amuleC1
C:\Program Files (x86)\o3zf4ykj
C:\Program Files (x86)\bbj0vu03
C:\Windows\Azart
C:\Windows\svchost.exe
C:\Windows\csrss.exe
C:\Program Files (x86)\Gijqwiy
C:\Program Files (x86)\YoWindow

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"001d46a7"=-
"001dae8c"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5EBD559E-A5BA-11E6-B9FD-64006A5CFC23}"=-
C:\Program Files (x86)\UCBrowser

:services
Qovchgroserge

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Before the scan, turn off your antivirus, and restart the PC afterwards. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

PureHate44
Visitor
Posts: 158
Registered: 28 Jun 2011 17:49

Re: Infected PC

#7 Post by PureHate44 »

The program stops working.
To be safe, I'm sending a screenshot of the screen plus a new RSIT log again.
[Image]


New RSIT log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2016-11-23 17:08:51
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 70 GB (35%) free of 200 GB
Total RAM: 4095 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:08:54, on 23. 11. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18525)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Users\Peter\Downloads\OTM (1).exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files (x86)\Gunbean\Application\chrome.exe
C:\Program Files\trend micro\Peter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [XChatSE] "C:\IRC\xchat.exe" --minimize=2
O4 - HKCU\..\Run: [icq.desktop] "C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe"
O4 - Startup: Facebook Gameroom.lnk = Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
O4 - Startup: MEGAsync.lnk = Peter\AppData\Local\MEGAsync\MEGAsync.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: YAC Service (iSafeService) - Elex do Brasil Participaçoes Ltda - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
O23 - Service: iThemes5 - Unknown owner - rundll32.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows - Unknown owner - C:\Windows\svchost.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8957 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
"C:\Windows\system32\nvvsvc.exe"
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k gpsvcgroup
rundll32 "C:\Program Files (x86)\Common Files\Services\iThemes.dll",fnde_svr
rundll32 "C:\Program Files (x86)\Common Files\Services\iThemes.dll",fnde_svr
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
c:\windows\system32\svchost.exe -k networkservice
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe"
taskeng.exe {5C186CB1-52B6-4C74-8292-FAA508EB56B4}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
c:\windows\system32\svchost.exe -k localservicenonetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k utcsvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
C:\Windows\SysWOW64\svchost.exe -k LocalServiceir
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Bitdefender Agent\ProductAgentService.exe"
"C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"
"C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"
"C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe"
c:\windows\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
c:\windows\system32\svchost.exe -k wersvcgroup
c:\windows\system32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\IRC\xchat.exe" --minimize=2
WLIDSvcM.exe 2056
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Peter\Downloads\OTM (1).exe"
"C:\Program Files (x86)\Gunbean\Application\chrome.exe"
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Program Files (x86)\Gunbean\Reports\Dump" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=54.0.2840.71 --handshake-handle=0x94
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=gpu-process --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,14,15,16,19,33,59,73 --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3182 --gpu-driver-date=11-11-2013 --mojo-application-channel-token=3EE8AC725A90F3266AC0CF9BC1B08B1E --mojo-platform-channel-handle=1084 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=B89975EA7B7AAE46BCC67D7034BE6670 --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=B89975EA7B7AAE46BCC67D7034BE6670 --channel="1540.2.1198100899\1158829930" --mojo-platform-channel-handle=2024 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=2BD3D4DA333C393092CF6B8CDDD85378 --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=2BD3D4DA333C393092CF6B8CDDD85378 --channel="1540.3.1049227588\1518314394" --mojo-platform-channel-handle=2204 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=F6F8D22B9A3A0F7C36E1C98BBF760884 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=F6F8D22B9A3A0F7C36E1C98BBF760884 --channel="1540.4.716334554\402335819" --mojo-platform-channel-handle=2736 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=ppapi --ppapi-flash-args --lang=sk --device-scale-factor=1 --mojo-application-channel-token=85AAF60B56CDCF371E4D338A91F44810 --mojo-platform-channel-handle=2552 --ignored=" --type=renderer " /prefetch:3
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=627FC091E574199C5C974B22E97136AC --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=627FC091E574199C5C974B22E97136AC --channel="1540.9.831584765\650675178" --mojo-platform-channel-handle=5744 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=92C11163FD02D1F0FC2DDE003613D3B7 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=92C11163FD02D1F0FC2DDE003613D3B7 --channel="1540.12.215943782\986585304" --mojo-platform-channel-handle=6252 /prefetch:1
taskeng.exe {F635F145-F1BA-40A5-B508-FDE8D77E63CF}
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=062B85FC40139675B2EFD4954A0D91BC --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=062B85FC40139675B2EFD4954A0D91BC --channel="1540.15.1635763604\710707638" --mojo-platform-channel-handle=3864 /prefetch:1
"C:\Program Files (x86)\Gunbean\Application\chrome.exe" --type=renderer --enable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/InReportingSample/ --primordial-pipe-token=019D69B10DE28A99B86F20D38B9243B3 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=019D69B10DE28A99B86F20D38B9243B3 --channel="1540.16.1916222990\1232409693" --mojo-platform-channel-handle=4700 /prefetch:1
"C:\Users\Peter\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\UCBrowserUpdater.job - C:\Program Files (x86)\UCBrowser\Application\update_task.exe /update

=========Mozilla firefox=========

ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.luckysearch123.com?type=hp&t ... 3ocbazegcc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@unity3d.com/UnityPlayer64,version=1.0]
"Description"=Unity Player 4.6.6f2
"Path"=C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll

C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\searchplugins\
amisites.xml
luck.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-04 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-04 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"=REGSVR32 /S CTASIO.DLL []
"AsioThk32Reg"=C:\Windows\SYSWOW64\REGSVR32.EXE [2009-07-14 14848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"XChatSE"=C:\IRC\xchat.exe [2015-09-12 320512]
"icq.desktop"=C:\Users\Peter\AppData\Roaming\ICQ\bin\icq.exe [2016-11-22 26346632]
"uTorrent"=C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe [2016-04-06 4888064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21 1156824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
RunDll32 P17RunE.dll,RunDLLEntry []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2013-04-12 80480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
C:\PROGRA~1\RAINME~1\RAINME~1.EXE [2013-10-29 36536]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"=REGSVR32 /S CTASIO.DLL []
"CTHelper"=CTHELPER.EXE []
"CTSysVol"=C:\Program Files (x86)\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Gameroom.lnk - C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
MEGAsync.lnk - C:\Users\Peter\AppData\Local\MEGAsync\MEGAsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5EBD559E-A5BA-11E6-B9FD-64006A5CFC23}"=C:\Users\Peter\AppData\Roaming\Phucusy\Pipothzo.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Ace Translator\AceTrans.exe"="C:\Program Files (x86)\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\Ace Translator\AceTrans.exe"="C:\Program Files (x86)\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"vidc.pDAD"=prodad-codec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-11-22 19:34:14 ----A---- C:\Windows\system32\drivers\iSafeNetFilter.sys
2016-11-22 16:23:45 ----D---- C:\Windows\system32\log
2016-11-22 16:23:43 ----D---- C:\Users\Peter\AppData\Roaming\Elex-tech
2016-11-22 16:23:43 ----D---- C:\Program Files (x86)\Elex-tech
2016-11-22 16:22:23 ----D---- C:\ProgramData\PreEmptive Solutions
2016-11-22 16:22:17 ----D---- C:\Program Files (x86)\Gunbean
2016-11-22 12:04:06 ----D---- C:\Users\Peter\AppData\Roaming\ibeib
2016-11-22 12:03:39 ----D---- C:\Users\Peter\AppData\Roaming\aMule
2016-11-19 11:08:23 ----D---- C:\Program Files (x86)\SafeNet Sentinel
2016-11-19 11:05:26 ----AD---- C:\ADCDA2
2016-11-18 20:46:10 ----D---- C:\Program Files (x86)\UCBrowser
2016-11-18 20:42:56 ----D---- C:\ProgramData\Avira
2016-11-18 20:42:56 ----D---- C:\ProgramData\Avg
2016-11-18 20:41:26 ----D---- C:\Users\Peter\AppData\Roaming\Profiles
2016-11-18 20:41:25 ----A---- C:\Windows\taskmgr.exe
2016-11-18 19:00:02 ----D---- C:\Program Files (x86)\nodongle.biz
2016-11-18 18:59:32 ----A---- C:\Windows\system32\drivers\sentinel64.sys
2016-11-18 18:59:17 ----D---- C:\ProgramData\SafeNet Sentinel
2016-11-09 10:42:42 ----A---- C:\Windows\system32\mshtml.dll
2016-11-09 10:42:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-11-09 10:42:37 ----A---- C:\Windows\system32\ieframe.dll
2016-11-09 10:42:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-11-09 10:42:32 ----A---- C:\Windows\system32\jscript9.dll
2016-11-09 10:42:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-11-09 10:42:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-11-09 10:42:29 ----A---- C:\Windows\system32\wininet.dll
2016-11-09 10:42:28 ----A---- C:\Windows\system32\win32k.sys
2016-11-09 10:42:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-11-09 10:42:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-11-09 10:42:26 ----A---- C:\Windows\system32\iertutil.dll
2016-11-09 10:42:25 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-11-09 10:42:25 ----A---- C:\Windows\system32\urlmon.dll
2016-11-09 10:42:24 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2016-11-09 10:42:24 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\UIAnimation.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\ntdll.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\MSVidCtl.dll
2016-11-09 10:42:24 ----A---- C:\Windows\system32\lsasrv.dll
2016-11-09 10:42:23 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-11-09 10:42:22 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-11-09 10:42:22 ----A---- C:\Windows\SYSWOW64\MSVidCtl.dll
2016-11-09 10:42:22 ----A---- C:\Windows\system32\msv1_0.dll
2016-11-09 10:42:21 ----A---- C:\Windows\system32\win32spl.dll
2016-11-09 10:42:21 ----A---- C:\Windows\system32\clfs.sys
2016-11-09 10:42:20 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-11-09 10:42:20 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-11-09 10:42:20 ----A---- C:\Windows\system32\atmfd.dll
2016-11-09 10:42:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-11-09 10:42:18 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-11-09 10:42:18 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2016-11-09 10:42:18 ----A---- C:\Windows\system32\msfeeds.dll
2016-11-09 10:42:18 ----A---- C:\Windows\system32\inetcomm.dll
2016-11-09 10:42:18 ----A---- C:\Windows\system32\IMJP10K.DLL
2016-11-09 10:42:18 ----A---- C:\Windows\system32\ie4uinit.exe
2016-11-09 10:42:17 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-11-09 10:42:17 ----A---- C:\Windows\system32\msctf.dll
2016-11-09 10:42:16 ----A---- C:\Windows\system32\iedkcs32.dll
2016-11-09 10:42:16 ----A---- C:\Windows\system32\drivers\bowser.sys
2016-11-09 10:42:15 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-11-09 10:42:15 ----A---- C:\Windows\system32\UtcResources.dll
2016-11-09 10:42:15 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\input.dll
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2016-11-09 10:42:14 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2016-11-09 10:42:14 ----A---- C:\Windows\system32\oleaut32.dll
2016-11-09 10:42:14 ----A---- C:\Windows\system32\input.dll
2016-11-09 10:42:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-11-09 10:42:14 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-11-09 10:42:14 ----A---- C:\Windows\system32\asycfilt.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\msctf.dll
2016-11-09 10:42:13 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-11-09 10:42:12 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\webcheck.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\msrating.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\mshtmled.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\dxtrans.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\dxtmsft.dll
2016-11-09 10:42:12 ----A---- C:\Windows\system32\certcli.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-11-09 10:42:11 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\vbscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\rpcrt4.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\occache.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\jsproxy.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\jscript9diag.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\jscript.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\inseng.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\INETRES.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieUnatt.exe
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieui.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\iesetup.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\iernonce.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-11-09 10:42:11 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\lpk.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-11-09 10:42:10 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wow64win.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wow64cpu.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wow64.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\winsrv.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\wdigest.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\TSpkg.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\sspisrv.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\sspicli.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\srcore.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\srclient.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\smss.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\schannel.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\secur32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\rstrui.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\rpchttp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ntvdm64.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ncrypt.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\lsass.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\lpk.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\KernelBase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\kernel32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\kerberos.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\ieapfltr.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\fontsub.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\drivers\appid.sys
2016-11-09 10:42:10 ----A---- C:\Windows\system32\dciman32.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\csrsrv.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\cryptbase.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\credssp.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\conhost.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\auditpol.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\atmlib.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\appidsvc.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 10:42:10 ----A---- C:\Windows\system32\appidapi.dll
2016-11-09 10:42:10 ----A---- C:\Windows\system32\advapi32.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 10:42:09 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\user.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-11-09 10:42:09 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\tzres.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\msobjs.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\msaudite.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 10:42:09 ----A---- C:\Windows\system32\apisetschema.dll
2016-11-09 10:42:09 ----A---- C:\Windows\system32\adtschema.dll
2016-11-09 10:41:36 ----A---- C:\Windows\system32\diagtrack.dll

======List of files/folders modified in the last 1 month======

2016-11-23 17:08:52 ----D---- C:\Program Files\trend micro
2016-11-23 17:08:09 ----D---- C:\Windows\Temp
2016-11-23 16:54:17 ----D---- C:\Users\Peter\AppData\Roaming\uTorrent
2016-11-23 16:44:30 ----D---- C:\Program Files\Bitdefender Agent
2016-11-23 15:16:43 ----D---- C:\Windows\Prefetch
2016-11-23 14:44:29 ----D---- C:\Windows\Minidump
2016-11-23 14:42:18 ----SHD---- C:\System Volume Information
2016-11-23 14:41:05 ----D---- C:\Windows
2016-11-23 14:35:17 ----D---- C:\Windows\SysWOW64
2016-11-23 12:07:15 ----D---- C:\Windows\system32\config
2016-11-23 05:46:23 ----RD---- C:\Program Files (x86)
2016-11-22 19:46:31 ----D---- C:\Users\Peter\AppData\Roaming\ICQ
2016-11-22 19:34:14 ----D---- C:\Windows\system32\drivers
2016-11-22 19:30:52 ----D---- C:\AdwCleaner
2016-11-22 19:30:32 ----D---- C:\Windows\system32\Tasks
2016-11-22 19:29:20 ----D---- C:\ProgramData
2016-11-22 16:23:45 ----D---- C:\Windows\System32
2016-11-22 12:04:23 ----SHD---- C:\Windows\Installer
2016-11-22 12:04:22 ----D---- C:\Config.Msi
2016-11-21 04:01:50 ----D---- C:\Windows\inf
2016-11-20 16:29:28 ----D---- C:\Users\Peter\AppData\Roaming\TeamViewer
2016-11-19 15:19:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-11-19 11:39:44 ----D---- C:\Windows\system32\DriverStore
2016-11-19 11:08:33 ----D---- C:\Windows\system32\catroot
2016-11-19 11:08:23 ----D---- C:\Program Files (x86)\Common Files
2016-11-18 21:08:42 ----D---- C:\Windows\Tasks
2016-11-18 20:42:56 ----D---- C:\ProgramData\AVAST Software
2016-11-18 20:42:56 ----D---- C:\Program Files (x86)\TuneUp Utilities 2012
2016-11-18 20:42:56 ----D---- C:\Program Files (x86)\DivX
2016-11-18 20:42:56 ----D---- C:\Program Files (x86)\CrystalDiskInfo
2016-11-18 20:42:27 ----RD---- C:\Program Files (x86)\Skype
2016-11-18 20:42:27 ----HD---- C:\Program Files (x86)\Uninstall Information
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\ZbrojniPrukaz
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Zbani
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\xchat
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Winter Sports 2012
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Sidebar
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Portable Devices
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows NT
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Media Player
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Mail
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Live
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Windows Defender
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Winamp
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\VirtualDJ
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\VideoLAN
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Valve
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\uTorrent
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\TuneUp Utilities 2013
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\trend micro
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\THQ
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\TeamViewer
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\SpeedVID
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Simple Shutdown Timer
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\SimBin
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Shock Utility
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Seznam.cz
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Reference Assemblies
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Rebellion
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\Real
2016-11-18 20:42:27 ----D---- C:\Program Files (x86)\RailWorks
2016-11-18 20:42:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-11-18 20:42:26 ----HD---- C:\Program Files (x86)\Creative Installation Information
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\RailSimulator.com
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\PC Tools Security
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Origin
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Oracle
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\OpenAL
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NSIS Uninstall Information
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NewBlue
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Nero
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\NAMCO BANDAI Games
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\N3V Games
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\MSXML 4.0
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\MSBuild
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft WSE
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Works
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Office
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Maxthon
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Marvell
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Ladicka
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Kalypso Media
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\JDownloader
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Java
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\IObit
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Internet Explorer
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Intel
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.5.1
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.5
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.4
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Cheat Engine 6.2
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Charles
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Guitar Pro 5
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Google
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\GoldWave
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\GameSpy Arcade
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Game Booster Premium 2.0 Retail
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Full Tilt Poker
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\FlatOut 3
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\FileHippo.com
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Fiddler2
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Exact Audio Copy
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Electronic Arts
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\EA GAMES
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\DsNET Corp
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Disney Interactive Studios
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Deep Silver
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\CyberLink
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Crystal Software
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Creative
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Crash Time 4 - The Syndicate
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Counter-Strike 1.6
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Codemasters
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Bonjour
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\BandiMPEG1
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Bandicam
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Audio Editor Gold
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Atari
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Ahead
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Aerosoft
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Adobe
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Activision
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\ACD Systems
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\Ableton
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\8BallRuler
2016-11-18 20:42:26 ----D---- C:\Program Files (x86)\1C Company
2016-11-16 14:14:45 ----D---- C:\Users\Peter\AppData\Roaming\Skype
2016-11-14 14:59:53 ----D---- C:\ProgramData\Skype
2016-11-11 04:17:48 ----D---- C:\Windows\winsxs
2016-11-10 20:26:45 ----D---- C:\Program Files\Internet Explorer
2016-11-10 20:26:44 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-11-10 20:26:44 ----D---- C:\Windows\SYSWOW64\migration
2016-11-10 20:26:43 ----D---- C:\Windows\SYSWOW64\en-US
2016-11-10 20:26:41 ----D---- C:\Windows\system32\sk-SK
2016-11-10 20:26:41 ----D---- C:\Windows\system32\migration
2016-11-10 20:26:39 ----D---- C:\Windows\system32\en-US
2016-11-10 20:26:36 ----D---- C:\Windows\AppPatch
2016-11-10 20:26:35 ----D---- C:\Windows\system32\Boot
2016-11-10 04:41:27 ----D---- C:\Windows\system32\MRT
2016-11-10 04:30:00 ----AC---- C:\Windows\system32\MRT.exe
2016-11-10 04:28:32 ----D---- C:\ProgramData\Microsoft Help
2016-11-10 04:18:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-11-10 04:18:34 ----D---- C:\Windows\system32\Macromed
2016-11-10 04:18:32 ----D---- C:\Windows\SYSWOW64\Macromed
2016-11-09 10:33:18 ----D---- C:\Windows\system32\catroot2
2016-10-30 18:25:15 ----D---- C:\Windows\Microsoft.NET
2016-10-29 14:54:09 ----D---- C:\Program Files\CCleaner
2016-10-26 16:29:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 audas0;%audas0.SvcDescr%; C:\Windows\system32\DRIVERS\audas0.sys [2016-11-19 1191040]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-25 26528]
R1 iSafeKrnl;YAC Mini-Filter Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [2016-05-23 262344]
R1 iSafeKrnlKit;YAC Kit Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [2016-05-23 110112]
R1 iSafeKrnlMon;YAC Monitor Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [2016-05-23 52440]
R1 iSafeKrnlR3;YAC Ring3 Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [2016-05-23 103904]
R1 iSafeNetFilter;YAC NDIS Driver; C:\Windows\system32\DRIVERS\iSafeNetFilter.sys [2016-05-19 52392]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-02-02 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-02-02 43680]
R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-05-14 196384]
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2007-12-06 1276928]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-05-14 33008]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [2005-08-03 151552]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2005-08-03 573952]
S3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2005-08-03 738560]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [2005-08-03 695808]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [2005-08-03 208896]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [2005-08-03 316928]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [2005-08-03 169472]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [2005-08-03 356864]
S3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2005-08-03 9728]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [2005-08-03 676864]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2005-08-03 284160]
S3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2005-08-03 130048]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2005-08-03 1300480]
S3 iSafeKrnlBoot;YAC Boot Driver; C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys []
S3 kxwdmdrv;kX WDM Driver Service; C:\Windows\system32\drivers\kx.sys []
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2005-08-03 205824]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2014-02-15 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2014-02-15 57856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 iSafeService;YAC Service; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [2016-08-19 131024]
R2 MCSvc;Microsoft Cache Service; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-11-11 922912]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-08-08 76888]
R2 ProductAgentService;ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [2016-10-28 1100392]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2013-01-09 376832]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2013-01-09 1259872]
R2 SentinelSecurityRuntime;Sentinel Security Runtime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2013-01-09 293216]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-05-02 7031056]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 iThemes5;iThemes5; rundll32 C:\Program Files (x86)\Common Files\Services\iThemes.dll,fnde_svr []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07 154440]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320]
S2 Qovchgroserge;Qovchgroserge; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S2 Windows;Windows; C:\Windows\svchost.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10 270016]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-10-27 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-22 172488]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-20 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC

#8 Post by Rudy »

Try running it in safe mode.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

PureHate44
Visitor
Posts: 158
Joined: 28 Jun 2011 17:49

Re: Infected PC

#9 Post by PureHate44 »

So... I tried it in safe mode too and the application froze the same way... I restarted the PC and now it won't start in either normal or safe mode :( (attempting repairs)

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC

#10 Post by Rudy »

Well, to me this looks more like a damaged system than a problem with a hijacked browser (that redirection is called browser hijacking). Boot from the installation media and try to repair the system: http://forum.viry.cz/viewtopic.php?f=46&t=106339 .

PureHate44
Visitor
Posts: 158
Joined: 28 Jun 2011 17:49

Re: Infected PC

#11 Post by PureHate44 »

I reinstalled Windows and now it works as it should :) thank you :)

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC

#12 Post by Rudy »

You're welcome! :)

Locked