Časté vyskakování podivných reklam které nejdou zavřít apod.

[ave007]

PC se chová velmi nestandardně, cca každý třetí odkaz odkáže na podivné podvodné weby apod.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Michael7 at 2017-01-03 20:56:24
Microsoft Windows 10 Pro
System drive C: has 3 GB (3%) free of 114 GB
Total RAM: 8123 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:25, on 3. 1. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0713)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Michael7\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
C:\WINDOWS\STK03N\STK03NM.exe
C:\Users\Michael7\AppData\Roaming\Follow Liker\folikr.exe
C:\Users\Michael7\AppData\Roaming\Follow Liker\vfolikr.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Michael7.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13554
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Michael7\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Michael7\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Killer Network Manager.lnk = ?
O4 - Global Startup: STK03N PNP Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FOLIKRSV - Unknown owner - C:\Users\Michael7\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Qualcomm Atheros Killer Service V2 - Qualcomm Atheros - C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14363 bytes

======Listing Processes======







C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
dashost.exe {0d916d14-8820-4bfd-a9b157244eb68541}
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"dwm.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session
C:\Windows\System32\RuntimeBroker.exe -Embedding
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" ad5853b4-9579-456a-88ad-4b7542899bb5 1
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
szndesktop.exe default start
"C:\Users\Michael7\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe" -minimize
"C:\WINDOWS\STK03N\STK03NM.exe"
"fontdrvhost.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Users\Michael7\AppData\Roaming\Follow Liker\folikr.exe" 2
"C:\Users\Michael7\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe" --defaults-file="C:\Users\Michael7\AppData\Roaming\Follow Liker\mdb\bin\srv.ini" FOLIKRSV
vfolikr.exe 2 6736 MXRlc3QuaW5zLmZsaw==
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Michael7\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0x1a8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=7496 --on-initialized-event-handle=564 --parent-handle=568 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/Html5ByDefault/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/StrictSecureCookies/Default/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=6,17,18,21,37,65 --gpu-vendor-id=0x10de --gpu-device-id=0x11c0 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.5382 --gpu-driver-date=8-7-2015 --service-request-channel-token=9FFF52EE449B3E8B3FF391E1168A6ADC --mojo-platform-channel-handle=1256 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=7A2FC032112B43FD83EF819CB071BF19 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=7A2FC032112B43FD83EF819CB071BF19 --mojo-platform-channel-handle=2640 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=1CC1CF5F7396CFE04E7C637978F67AC8 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=1CC1CF5F7396CFE04E7C637978F67AC8 --mojo-platform-channel-handle=2728 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=C8E3E1D96B26F0FCB6F6062146495608 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=C8E3E1D96B26F0FCB6F6062146495608 --mojo-platform-channel-handle=2420 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=6FC2CC659ACC909AEF2491F452261728 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=6FC2CC659ACC909AEF2491F452261728 --mojo-platform-channel-handle=6072 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=931EBDAF41F1F9E70B27758EC6AA13A1 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=931EBDAF41F1F9E70B27758EC6AA13A1 --mojo-platform-channel-handle=6500 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=F01807B1B5873AC22BD28BBB4B4D8872 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=F01807B1B5873AC22BD28BBB4B4D8872 --mojo-platform-channel-handle=10204 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --ppapi-flash-args --lang=cs --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --service-request-channel-token=DA16604DD5AB19B525AC4CAB634E0CA6 --mojo-platform-channel-handle=9444 --ignored=" --type=renderer " /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=41F97F10FF1D749E5226C71D914238F2 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=41F97F10FF1D749E5226C71D914238F2 --mojo-platform-channel-handle=6700 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=44B20A03689E6E2953B33E236474A2B1 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=44B20A03689E6E2953B33E236474A2B1 --mojo-platform-channel-handle=3424 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled6/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_99/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=3DCAF8E3A110BDC32B7289CC2C7D4E71 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=3DCAF8E3A110BDC32B7289CC2C7D4E71 --mojo-platform-channel-handle=8296 /prefetch:1


C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Michael7\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe -check pepperplugin
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-04 214216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-04 2888904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-04 151240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-04 1955520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-10-06 16174328]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-03-28 2673296]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2015-03-28 1570672]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5595848]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26 500936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-12-06 176440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-12-19 1517280]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-11-15 27219928]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2016-11-30 23818360]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-01-15 8619224]
"cz.seznam.software.autoupdate"=C:\Users\Michael7\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Michael7\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"NPSStartup"= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Killer Network Manager.lnk - C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe
STK03N PNP Monitor.lnk - C:\WINDOWS\STK03N\STK03NM.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-03 19:32:41 ----D---- C:\Users\Michael7\AppData\Roaming\Mozilla
2016-12-29 17:06:59 ----D---- C:\Program Files\iTunes
2016-12-29 17:06:59 ----D---- C:\Program Files\iPod
2016-12-13 23:21:02 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\gdi32.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\GamePanel.exe
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\appidapi.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\SYSWOW64\AppCapture.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-12-13 23:21:01 ----A---- C:\WINDOWS\system32\msi.dll
2016-12-13 23:21:00 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-12-13 23:21:00 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-12-13 23:21:00 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-12-13 23:21:00 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-12-13 23:21:00 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2016-12-13 23:20:59 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-12-13 23:20:59 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-12-13 23:20:59 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-12-13 23:20:59 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-12-13 23:20:59 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-12-13 23:20:59 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-12-13 23:20:59 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-12-13 23:20:58 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 23:20:58 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-12-13 23:20:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-12-13 23:20:58 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-12-13 23:20:58 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-12-13 23:20:58 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2016-12-13 23:20:58 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-12-13 23:20:57 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-12-13 23:20:57 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-12-13 23:20:57 ----A---- C:\WINDOWS\system32\sppobjs.dll
2016-12-13 23:20:57 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-12-13 23:20:57 ----A---- C:\WINDOWS\system32\gdi32.dll
2016-12-13 23:20:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-12-13 23:20:57 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2016-12-13 23:20:57 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 23:20:57 ----A---- C:\WINDOWS\system32\bcrypt.dll
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\user32.dll
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\sppwinob.dll
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\GamePanel.exe
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\fveapibase.dll
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\fveapi.dll
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\appidsvc.dll
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\appidpolicyconverter.exe
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\appidcertstorecheck.exe
2016-12-13 23:20:56 ----A---- C:\WINDOWS\system32\appidapi.dll
2016-12-05 22:26:16 ----HD---- C:\_acestream_cache_
2016-12-05 22:22:30 ----D---- C:\Users\Michael7\AppData\Roaming\.ACEStream
2016-12-05 22:21:32 ----D---- C:\Users\Michael7\AppData\Roaming\ACEStream

======List of files/folders modified in the last 1 month======

2017-01-03 20:56:25 ----D---- C:\Program Files\trend micro
2017-01-03 20:55:42 ----D---- C:\WINDOWS\Temp
2017-01-03 20:48:10 ----D---- C:\Users\Michael7\AppData\Roaming\Skype
2017-01-03 19:19:00 ----D---- C:\WINDOWS\system32\sru
2017-01-03 03:49:58 ----D---- C:\WINDOWS\Microsoft.NET
2017-01-02 21:07:04 ----D---- C:\WINDOWS\AppReadiness
2017-01-02 21:04:00 ----D---- C:\Users\Michael7\AppData\Roaming\Seznam.cz
2017-01-02 21:01:54 ----HD---- C:\Program Files\WindowsApps
2017-01-02 20:59:58 ----D---- C:\WINDOWS\Prefetch
2017-01-02 20:59:38 ----AD---- C:\Users\Michael7\AppData\Roaming\Follow Liker
2016-12-31 14:00:22 ----D---- C:\WINDOWS\debug
2016-12-31 14:00:19 ----D---- C:\Windows
2016-12-29 18:43:21 ----D---- C:\Users\Michael7\AppData\Roaming\TeamViewer
2016-12-29 18:43:20 ----D---- C:\WINDOWS\INF
2016-12-29 17:32:15 ----SHD---- C:\WINDOWS\Installer
2016-12-29 17:32:14 ----AD---- C:\ProgramData\regid.1991-06.com.microsoft
2016-12-29 17:32:05 ----D---- C:\Program Files (x86)\Common Files
2016-12-29 17:31:32 ----AD---- C:\Program Files (x86)\Microsoft Office
2016-12-29 17:15:05 ----D---- C:\WINDOWS\System32
2016-12-29 17:15:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-29 17:08:34 ----D---- C:\ProgramData\NVIDIA
2016-12-29 17:07:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-12-29 17:07:54 ----D---- C:\Program Files\Futuremark
2016-12-29 17:06:59 ----RD---- C:\Program Files
2016-12-29 17:06:46 ----D---- C:\Program Files\Common Files\Apple
2016-12-29 17:01:53 ----D---- C:\WINDOWS\system32\drivers
2016-12-28 10:45:43 ----D---- C:\WINDOWS\system32\config
2016-12-23 20:28:58 ----HD---- C:\ProgramData
2016-12-23 12:41:54 ----D---- C:\WINDOWS\system32\Tasks
2016-12-23 12:41:54 ----AD---- C:\Program Files (x86)\Opera
2016-12-19 23:20:25 ----D---- C:\WINDOWS\rescache
2016-12-19 23:02:29 ----D---- C:\WINDOWS\WinSxS
2016-12-19 23:02:12 ----D---- C:\WINDOWS\system32\catroot2
2016-12-19 22:32:39 ----RD---- C:\WINDOWS\assembly
2016-12-19 22:32:22 ----D---- C:\ProgramData\Microsoft Help
2016-12-19 22:18:32 ----RD---- C:\Program Files (x86)
2016-12-19 22:18:31 ----D---- C:\WINDOWS\Tasks
2016-12-15 20:55:45 ----D---- C:\WINDOWS\system32\CatRoot
2016-12-15 20:55:34 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-12-15 20:55:34 ----D---- C:\WINDOWS\SysWOW64
2016-12-15 20:55:33 ----D---- C:\WINDOWS\system32\oobe
2016-12-15 20:55:33 ----D---- C:\WINDOWS\system32\DriverStore
2016-12-15 20:55:33 ----D---- C:\WINDOWS\system32\cs-CZ
2016-12-15 20:55:33 ----D---- C:\Program Files\Internet Explorer
2016-12-15 20:55:33 ----D---- C:\Program Files (x86)\Internet Explorer
2016-12-15 10:01:07 ----A---- C:\WINDOWS\win.ini
2016-12-15 10:00:27 ----D---- C:\WINDOWS\CbsTemp
2016-12-15 09:57:00 ----D---- C:\WINDOWS\system32\MRT
2016-12-15 09:55:50 ----AC---- C:\WINDOWS\system32\MRT.exe
2016-12-13 23:16:29 ----D---- C:\WINDOWS\system32\Macromed
2016-12-13 23:16:25 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-12-12 00:03:06 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-12-07 19:51:29 ----D---- C:\ProgramData\F-Secure

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2015-07-14 251632]
R0 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2015-07-14 72400]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2015-07-14 255240]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2015-07-14 178520]
R1 EpfwLWF;@oem117.inf,%EpfwLWF_Desc%;Epfw NDIS LightWeight Filter; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [2015-07-14 53360]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-04-23 87552]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2015-07-14 231520]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-10-30 47616]
R2 speedfan;speedfan; \??\C:\WINDOWS\SysWOW64\speedfan.sys [2012-12-29 28664]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-10-30 78848]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-10-06 4585728]
R3 Ke2200;@oem16.inf,%L1C.Service.DispName%;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller; C:\WINDOWS\System32\drivers\e22w8x64.sys [2013-03-20 163536]
R3 MEIx64;@oem90.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2013-01-11 64624]
R3 NVHDA;@oem102.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2015-08-28 206152]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2015-08-28 11151488]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-03-28 19600]
R3 nvvad_WaveExtensible;@oem51.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 rzudd;@oem24.inf,%Razer.SvcDesc%;Razer Keyboard Driver; C:\WINDOWS\System32\drivers\rzudd.sys [2015-10-06 202952]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S1 BfLwf;Qualcomm Atheros Bandwidth Control; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [2013-02-13 75056]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2015-11-22 117248]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-10-25 20992]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2015-10-13 19304]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-10-30 930656]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-04-23 63488]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2016-05-28 258912]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-09-07 131424]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library; C:\WINDOWS\system32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 USBAAPL64;@oem112.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl64.sys [2015-06-10 54784]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 83768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-12-04 3698888]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-07-08 1353720]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-03-28 1152144]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-03-28 1878672]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-03-28 22995600]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2015-08-07 937592]
R2 OneSyncSvc_9edec73;Hostitel synchronizace_9edec73; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [2013-08-08 343040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-04-08 410952]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-03-02 6942480]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 FOLIKRSV;FOLIKRSV; C:\Users\Michael7\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe [2016-12-28 8180224]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-12-06 651576]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_4c159;Hostitel synchronizace_4c159; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_638ff5;Hostitel synchronizace_638ff5; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13 270936]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2014-09-02 614624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4c159;Služba zasílání zpráv_4c159; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_638ff5;Služba zasílání zpráv_638ff5; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_9edec73;Služba zasílání zpráv_9edec73; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-02-10 1910128]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-12-03 209088]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_4c159;Data kontaktů_4c159; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_638ff5;Data kontaktů_638ff5; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_9edec73;Data kontaktů_9edec73; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-09-07 1297408]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2015-10-30 290304]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 UnistoreSvc_4c159;Úložiště uživatelských dat_4c159; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 UnistoreSvc_638ff5;Úložiště uživatelských dat_638ff5; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 UnistoreSvc_9edec73;Úložiště uživatelských dat_9edec73; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]

-----------------EOF-----------------

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[ave007]

# AdwCleaner v6.041 - Log vytvořen 03/01/2017 v 21:37:57
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2017-01-03.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Michael7 - MICHAEL
# Spuštěno z : C:\Users\Michael7\Desktop\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Michael7\AppData\LocalLow\.acestream
[-] Složka smazána: C:\Users\Michael7\AppData\Roaming\.acestream
[-] Složka smazána: C:\Users\Michael7\AppData\Roaming\acestream
[-] Složka smazána: C:\Users\Michael7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
[-] Složka smazána: C:\_acestream_cache_
[-] Složka smazána: C:\Users\Michael7\AppData\Local\Geckofx


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\.acelive
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\.acemedia
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\.acestream
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\.tslive
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\acestream
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\AceStream.CDAudio
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\AceStream.DVDMovie
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\AceStream.file
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\AceStream.OPENFolder
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\AceStream.SVCDMovie
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Classes\AceStream.VCDMovie
[#] Klíč smazán po restartu: HKCU\Software\Classes\.acelive
[#] Klíč smazán po restartu: HKCU\Software\Classes\.acemedia
[#] Klíč smazán po restartu: HKCU\Software\Classes\.acestream
[#] Klíč smazán po restartu: HKCU\Software\Classes\.tslive
[#] Klíč smazán po restartu: HKCU\Software\Classes\acestream
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.CDAudio
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.DVDMovie
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.file
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.OPENFolder
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.SVCDMovie
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.VCDMovie
[-] Klíč smazán: HKLM\SOFTWARE\Classes\.acestream
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\.acelive
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\.acemedia
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\.acestream
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\.tslive
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\acestream
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.CDAudio
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.DVDMovie
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.file
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.OPENFolder
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.SVCDMovie
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.VCDMovie
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\.acestream
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\AceStream
[-] Klíč smazán: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Klíč smazán po restartu: HKCU\Software\AceStream
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Klíč smazán po restartu: [x64] HKCU\Software\AceStream
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[-] Klíč smazán: HKCU\Software\Classes\Applications\ace_player.exe
[-] Klíč smazán: HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
[-] Klíč smazán: HKCU\Software\Classes\DVD\shell\PlayWithACEStream
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Classes\Applications\ace_player.exe


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6717 Bajty] - [03/01/2017 21:37:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [6590 Bajty] - [03/01/2017 21:36:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6863 Bajty] ##########

[Rudy]

Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[ave007]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Michael7 (administrator) on MICHAEL (03-01-2017 23:25:33)
Running from C:\Users\Michael7\Downloads
Loaded Profiles: Michael7 (Available Profiles: Michael7)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Users\Michael7\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Michael7\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Syntek Ltd.) C:\Windows\STK03N\STK03NM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Michael7\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-10-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Michael7\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Michael7\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\RunOnce: [Uninstall C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael7\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-10-29]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK03N PNP Monitor.lnk [2016-03-23]
ShortcutTarget: STK03N PNP Monitor.lnk -> C:\Windows\STK03N\STK03NM.exe (Syntek Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d4bfe5a3-91ce-45ee-a333-8026126e1f66}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=13554
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001 -> {2BCE0BE9-D8A7-4472-9D92-09131C8FE4D0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_13554
SearchScopes: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001 -> {308099F4-1F27-412C-A45D-2306781D9BE2} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_13554
SearchScopes: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001 -> {4C52160B-74F3-4F3C-ADA3-5B5CFCA2D80E} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13554
SearchScopes: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001 -> {61D3DFEB-3B07-4477-9983-EEA422752F43} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_13554
SearchScopes: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001 -> {71C1365D-0A6C-43B5-9AE8-D975CEB0D455} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13554
SearchScopes: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001 -> {72F35E48-72AC-470F-B77F-E8A53BA6B6AA} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_13554
SearchScopes: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001 -> {7A3EC7C0-BC75-48FA-A9D0-EE094F17755F} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_13554
SearchScopes: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001 -> {A1E93868-E671-4390-BBAB-5513F06ACAB3} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13554
SearchScopes: HKU\S-1-5-21-2070481859-1754916886-4248104055-1001 -> {BB2AA0A1-F396-4DB3-970F-24A3A997E547} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13554
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)

FireFox:
========
FF HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Michael7\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2070481859-1754916886-4248104055-1001: @acestream.net/acestreamplugin,version=3.1.11 -> C:\Users\Michael7\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://centrum.cz/
CHR Profile: C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default [2017-01-03]
CHR Extension: (Prezentace Google) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Dokumenty Google) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Disk Google) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Highlight Opened) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpifghoofjemmgpcablimgihhjakaplg [2016-12-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2016-11-21]
CHR Extension: (Tabulky Google) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]
CHR HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2070481859-1754916886-4248104055-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Michael7\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-09-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S3 FOLIKRSV; C:\Users\Michael7\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe [8180224 2016-12-28] () [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-09-02] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-10] (Electronic Arts)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 23:23 - 2017-01-03 23:23 - 02418176 _____ (Farbar) C:\Users\Michael7\Downloads\FRST64 (1).exe
2017-01-03 23:22 - 2017-01-03 23:22 - 00112640 _____ (forum.viry.cz) C:\Users\Michael7\Downloads\Nepotvrzeno 499780.crdownload
2017-01-03 21:36 - 2017-01-03 21:37 - 00000000 ____D C:\AdwCleaner
2017-01-03 21:35 - 2017-01-03 21:35 - 03977168 _____ C:\Users\Michael7\Desktop\adwcleaner_6.041.exe
2017-01-03 20:48 - 2017-01-03 20:48 - 01323520 _____ C:\Users\Michael7\Downloads\RSITx64 (1).exe
2017-01-03 19:32 - 2017-01-03 19:32 - 00000000 ____D C:\Users\Michael7\AppData\Roaming\Mozilla
2017-01-03 19:24 - 2017-01-03 19:24 - 23890341 _____ C:\Users\Michael7\Downloads\FacebookAutomation.rar
2017-01-03 16:34 - 2017-01-03 19:22 - 00000000 ____D C:\Users\Michael7\Desktop\stock
2016-12-31 14:00 - 2017-01-03 21:39 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-31 13:52 - 2016-12-31 13:52 - 00063979 _____ C:\Users\Michael7\Desktop\15589659_1257346680993641_1197250033295286722_n.jpg
2016-12-29 17:13 - 2016-12-29 17:14 - 03553992 _____ C:\Users\Michael7\Downloads\iTools0520E.zip
2016-12-29 17:07 - 2016-12-29 17:07 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-29 17:07 - 2016-12-29 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-29 17:06 - 2016-12-29 17:07 - 00000000 ____D C:\Program Files\iTunes
2016-12-29 17:06 - 2016-12-29 17:06 - 00000000 ____D C:\Program Files\iPod
2016-12-29 13:07 - 2016-12-29 13:07 - 08736000 _____ C:\Users\Michael7\Desktop\DEAF KEV - Invincible [NCS Release] (256 kbps).mp3
2016-12-29 00:45 - 2016-12-29 00:45 - 00088998 _____ C:\Users\Michael7\Desktop\15776708_1154559701324122_5671361445330427307_o.jpg
2016-12-28 23:10 - 2016-12-28 23:10 - 00115543 _____ C:\Users\Michael7\Desktop\2016-12-28_231030.jpg
2016-12-27 23:13 - 2016-12-27 23:13 - 00010231 _____ C:\Users\Michael7\Downloads\Konting.-tabulka (1).xlsx
2016-12-27 23:12 - 2016-12-27 23:12 - 00010231 _____ C:\Users\Michael7\Downloads\Konting.-tabulka.xlsx
2016-12-27 23:09 - 2016-12-27 23:09 - 00024640 _____ C:\Users\Michael7\Downloads\Excel2-1.xlsx
2016-12-27 22:11 - 2016-12-27 22:11 - 01161685 _____ C:\Users\Michael7\Desktop\počet_osob_v_účtování_služeb_2016.pdf
2016-12-22 21:35 - 2016-12-22 21:35 - 00046329 _____ C:\Users\Michael7\Desktop\15541879_739284366228159_7987106898609237234_n.jpg
2016-12-21 19:53 - 2016-12-21 19:53 - 00072696 _____ C:\Users\Michael7\Desktop\268679-78b94-32798233-400.jpg
2016-12-21 19:20 - 2016-12-21 19:20 - 00070579 _____ C:\Users\Michael7\Desktop\2016-12-21_192049.jpg
2016-12-21 10:34 - 2016-12-21 10:47 - 00043313 _____ C:\Users\Michael7\Desktop\Office 6654132316.docx
2016-12-21 10:34 - 2016-12-21 10:34 - 00043279 _____ C:\Users\Michael7\Downloads\Office_6532413555.docx
2016-12-20 13:26 - 2016-12-20 13:26 - 00000000 _____ C:\Users\Michael7\Desktop\adresaaa.docx
2016-12-19 22:53 - 2016-12-19 22:53 - 00080173 _____ C:\Users\Michael7\Desktop\Mischger3-0.jpg
2016-12-19 22:52 - 2016-12-19 22:52 - 00137223 _____ C:\Users\Michael7\Desktop\Beck_V2_gyros-0.jpg
2016-12-19 22:16 - 2016-12-19 22:16 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-15 09:57 - 2016-12-15 09:57 - 00000000 _____ C:\Users\Michael7\Desktop\Nový Dokument Microsoft Wordu (2).docx
2016-12-14 20:48 - 2016-12-14 20:48 - 00000878 _____ C:\Users\Michael7\Desktop\skupiny_volna_velke shit.txt
2016-12-13 23:21 - 2016-11-22 10:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-12-13 23:21 - 2016-11-22 10:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-12-13 23:21 - 2016-11-22 10:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 23:21 - 2016-11-22 10:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-12-13 23:21 - 2016-11-22 09:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-12-13 23:21 - 2016-11-22 09:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 23:21 - 2016-11-22 09:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 23:21 - 2016-11-22 09:47 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-13 23:21 - 2016-11-22 09:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 23:21 - 2016-11-22 09:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-12-13 23:21 - 2016-11-22 08:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 23:21 - 2016-11-22 08:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-13 23:21 - 2016-11-22 08:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-13 23:21 - 2016-11-22 08:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-12-13 23:21 - 2016-11-22 08:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-13 23:21 - 2016-11-22 07:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 23:21 - 2016-11-22 07:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-13 23:21 - 2016-11-22 07:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 23:21 - 2016-11-22 07:34 - 18670080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 23:21 - 2016-11-22 07:32 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 23:20 - 2016-11-22 12:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 23:20 - 2016-11-22 11:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-12-13 23:20 - 2016-11-22 11:38 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-13 23:20 - 2016-11-22 11:38 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-13 23:20 - 2016-11-22 11:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 23:20 - 2016-11-22 11:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 23:20 - 2016-11-22 11:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2016-12-13 23:20 - 2016-11-22 11:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 23:20 - 2016-11-22 11:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 23:20 - 2016-11-22 11:02 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-13 23:20 - 2016-11-22 11:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 23:20 - 2016-11-22 10:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2016-12-13 23:20 - 2016-11-22 10:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2016-12-13 23:20 - 2016-11-22 10:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2016-12-13 23:20 - 2016-11-22 09:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-13 23:20 - 2016-11-22 09:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-13 23:20 - 2016-11-22 09:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-12-13 23:20 - 2016-11-22 09:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-13 23:20 - 2016-11-22 09:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 23:20 - 2016-11-22 09:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-13 23:20 - 2016-11-22 09:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 23:20 - 2016-11-22 09:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 23:20 - 2016-11-22 08:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-13 23:20 - 2016-11-22 08:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 23:20 - 2016-11-22 08:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 23:20 - 2016-11-22 08:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-13 23:20 - 2016-11-22 08:15 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 23:20 - 2016-11-22 08:14 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 23:20 - 2016-11-22 08:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 23:20 - 2016-11-22 08:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 23:20 - 2016-11-22 07:49 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 23:20 - 2016-11-22 07:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 23:20 - 2016-11-22 07:17 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 23:04 - 2016-12-13 23:04 - 05135576 _____ (Facebook Inc.) C:\Users\Michael7\Downloads\Kaspersky_T157066648103720T_.exe
2016-12-07 19:49 - 2016-12-07 19:49 - 05135576 _____ (Facebook Inc.) C:\Users\Michael7\Downloads\Fsecure_T149981068816262T_.exe
2016-12-06 19:10 - 2016-12-06 19:10 - 05135576 _____ (Facebook Inc.) C:\Users\Michael7\Downloads\ESET_T136455100172887T_.exe
2016-12-05 22:21 - 2016-12-05 22:21 - 00002168 _____ C:\Users\Michael7\Desktop\Ace Stream Media Center.lnk
2016-12-05 22:21 - 2016-12-05 22:21 - 00002064 _____ C:\Users\Michael7\Desktop\Ace Player.lnk
2016-12-05 22:20 - 2016-12-05 22:21 - 82334592 _____ C:\Users\Michael7\Downloads\Ace_Stream_Media_3.1.11.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 23:25 - 2016-07-12 19:46 - 00021932 _____ C:\Users\Michael7\Downloads\FRST.txt
2017-01-03 23:25 - 2015-01-06 20:50 - 00000000 ____D C:\FRST
2017-01-03 23:16 - 2015-03-05 00:11 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-03 22:53 - 2014-11-20 10:41 - 00000000 ____D C:\Users\Michael7\AppData\Roaming\Skype
2017-01-03 22:23 - 2014-10-30 02:37 - 00004202 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F269AAD2-C3AC-464D-A62E-EC4C8031B8C0}
2017-01-03 21:45 - 2015-10-30 19:31 - 00750030 _____ C:\WINDOWS\system32\perfh005.dat
2017-01-03 21:45 - 2015-10-30 19:31 - 00150654 _____ C:\WINDOWS\system32\perfc005.dat
2017-01-03 21:45 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-01-03 21:45 - 2015-10-06 10:45 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-03 21:44 - 2016-05-11 09:34 - 00000000 ____D C:\Users\Michael7\AppData\Roaming\Seznam.cz
2017-01-03 21:38 - 2015-12-23 03:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-03 21:38 - 2015-12-23 03:42 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-03 21:38 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-01-03 20:56 - 2015-01-06 10:44 - 00000000 ____D C:\Program Files\trend micro
2017-01-03 20:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-03 19:43 - 2016-02-16 10:09 - 00000000 ____D C:\Users\Michael7\Desktop\Skupiny
2017-01-03 19:25 - 2016-03-08 10:04 - 00000000 ____D C:\Users\Michael7\Desktop\FB auto2
2017-01-03 14:24 - 2016-10-18 08:10 - 00013345 _____ C:\Users\Michael7\Desktop\price quotation.xlsx
2017-01-03 02:00 - 2015-02-02 21:29 - 00000000 ____D C:\Users\Michael7\AppData\Local\Adobe
2017-01-02 21:01 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-02 20:59 - 2016-07-30 15:23 - 00000000 ____D C:\Users\Michael7\AppData\Roaming\Follow Liker
2017-01-01 01:48 - 2015-03-05 00:11 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-31 18:43 - 2015-11-09 23:48 - 00001938 _____ C:\Users\Michael7\Desktop\BitLord.lnk
2016-12-31 18:43 - 2015-01-28 14:54 - 00001029 _____ C:\Users\Michael7\Desktop\Jpeg Resampler 2010.lnk
2016-12-31 18:43 - 2015-01-01 21:45 - 00001584 _____ C:\Users\Michael7\Desktop\ESET NOD32.lnk
2016-12-31 18:43 - 2014-11-13 15:02 - 00001195 _____ C:\Users\Michael7\Desktop\AIDA64 Extreme.lnk
2016-12-31 18:43 - 2014-11-05 19:49 - 00001424 _____ C:\Users\Michael7\Desktop\F1 2014.lnk
2016-12-31 14:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\debug
2016-12-31 13:46 - 2016-11-07 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Follow Liker
2016-12-29 18:43 - 2016-09-07 15:14 - 00000000 ____D C:\Users\Michael7\AppData\Local\CrashDumps
2016-12-29 18:43 - 2014-12-30 10:51 - 00000000 ____D C:\Users\Michael7\AppData\Roaming\TeamViewer
2016-12-29 17:32 - 2015-10-30 08:24 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-29 17:32 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-29 17:32 - 2015-10-30 07:28 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-29 17:31 - 2015-04-23 17:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-29 17:08 - 2015-12-23 03:41 - 00374648 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-29 17:07 - 2015-10-30 08:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-29 17:07 - 2014-11-11 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2016-12-29 17:07 - 2014-11-11 23:26 - 00000000 ____D C:\Program Files\Futuremark
2016-12-29 17:07 - 2014-10-29 20:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-29 17:07 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-29 17:06 - 2015-10-30 07:28 - 00000000 ___RD C:\Program Files
2016-12-29 17:06 - 2015-01-01 15:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-29 17:01 - 2015-10-30 08:23 - 00000000 ____D C:\WINDOWS\system32\drivers
2016-12-29 11:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-28 10:45 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-27 23:13 - 2014-10-29 19:53 - 00000000 ____D C:\Users\Michael7\AppData\Local\Packages
2016-12-23 20:39 - 2014-10-29 22:03 - 00000000 ____D C:\Users\Michael7\Desktop\1vkládání
2016-12-23 20:29 - 2014-10-30 02:23 - 00000000 ____D C:\Users\Michael7\Desktop\faktury
2016-12-23 20:28 - 2015-10-30 08:24 - 00000000 ___HD C:\ProgramData
2016-12-23 12:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Tasks
2016-12-23 12:41 - 2014-11-05 18:50 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1415209820
2016-12-23 12:41 - 2014-11-05 18:50 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-23 12:41 - 2014-11-05 18:50 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-23 08:54 - 2015-12-23 03:42 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{485596d2-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000001.regtrans-ms
2016-12-23 08:54 - 2015-12-23 03:42 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{485596d2-7ed5-11e5-80df-e41d2d718e10}.TM.blf
2016-12-23 08:54 - 2015-10-30 07:28 - 48234496 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-20 21:10 - 2016-02-17 23:25 - 00001817 ____H C:\Users\Michael7\Desktop\Disk Google.lnk
2016-12-19 23:20 - 2015-12-23 03:42 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{485596d2-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000002.regtrans-ms
2016-12-19 23:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-12-19 23:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-19 23:02 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-19 22:32 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-19 22:32 - 2015-04-23 17:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-19 22:32 - 2015-04-23 17:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-19 22:18 - 2015-10-30 07:28 - 00000000 ___RD C:\Program Files (x86)
2016-12-19 22:18 - 2015-05-18 22:12 - 00003500 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d091af68ba3b5c
2016-12-19 22:18 - 2014-10-29 22:01 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-19 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-19 22:16 - 2015-10-06 10:43 - 00002437 _____ C:\Users\Michael7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-19 22:16 - 2015-10-06 10:43 - 00000000 ___RD C:\Users\Michael7\OneDrive
2016-12-19 22:15 - 2015-10-30 07:28 - 00262144 ___SH C:\Users\Default\NTUSER.DAT
2016-12-19 22:14 - 2016-08-24 20:17 - 00000000 ____D C:\Users\Michael7\AppData\Local\FSDART
2016-12-15 20:55 - 2015-12-23 03:41 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{485596e0-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 20:55 - 2015-12-23 03:41 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{485596e0-7ed5-11e5-80df-e41d2d718e10}.TM.blf
2016-12-15 20:55 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\cs-CZ
2016-12-15 20:55 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-15 20:55 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\cs-CZ
2016-12-15 20:55 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-15 20:55 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-15 20:55 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-15 20:55 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-15 20:55 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-15 12:36 - 2016-02-17 23:25 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-12-15 12:36 - 2016-02-17 23:25 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-12-15 12:36 - 2016-02-17 23:25 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-12-15 12:36 - 2016-02-17 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-15 10:01 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-12-15 10:00 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-15 09:57 - 2014-10-29 20:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-15 09:55 - 2014-10-29 20:49 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 21:35 - 2014-10-29 22:01 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:35 - 2014-10-29 22:01 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 20:38 - 2016-10-17 14:07 - 00000000 ____D C:\Users\Michael7\Desktop\tisk X
2016-12-13 23:17 - 2016-09-13 09:15 - 00000000 ____D C:\ProgramData\AppData\Local\Temp
2016-12-13 23:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 23:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 23:16 - 2015-03-05 00:11 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-12 00:03 - 2015-10-30 08:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:03 - 2015-10-30 08:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-07 19:51 - 2016-08-24 20:17 - 00000000 ____D C:\ProgramData\F-Secure
2016-12-06 19:11 - 2016-07-07 17:49 - 00001206 _____ C:\Users\Michael7\Downloads\log.txt
2016-12-05 21:43 - 2014-12-02 00:56 - 00000000 ____D C:\Users\Michael7\AppData\Local\Diagnostics

==================== Files in the root of some directories =======

2014-11-05 18:18 - 2015-03-03 10:41 - 0000000 _____ () C:\Users\Michael7\AppData\Roaming\bitlord_log.txt
2016-03-22 20:43 - 2016-06-14 17:33 - 0000112 _____ () C:\Users\Michael7\AppData\Roaming\Předvolby CS6 pro JP2K
2014-10-29 20:14 - 2014-10-29 20:14 - 0000000 _____ () C:\Users\Michael7\AppData\Local\Driver_LOM_8161Present.flag
2016-08-24 20:23 - 2016-08-24 20:23 - 0000036 _____ () C:\Users\Michael7\AppData\Local\housecall.guid.cache
2015-01-06 20:48 - 2015-01-06 20:49 - 0029696 _____ () C:\Users\Michael7\AppData\Local\MSGBOX.EXE
2014-11-05 18:24 - 2014-11-05 18:24 - 0000218 _____ () C:\Users\Michael7\AppData\Local\recently-used.xbel
2014-11-13 14:03 - 2014-11-13 14:03 - 0007661 _____ () C:\Users\Michael7\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Michael7\AppData\Local\Temp\dateinj01.dll
C:\Users\Michael7\AppData\Local\Temp\libeay32.dll
C:\Users\Michael7\AppData\Local\Temp\msvcr120.dll
C:\Users\Michael7\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-29 11:06

==================== End of FRST.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [NPSStartup] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Michael7\AppData\Local\Temp

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[ave007]

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Michael7 (04-01-2017 19:22:26) Run:3
Running from C:\Users\Michael7\Desktop
Loaded Profiles: Michael7 (Available Profiles: Michael7)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [NPSStartup] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Michael7\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

"C:\Users\Michael7\AppData\Local\Temp" folder move:

Could not move "C:\Users\Michael7\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47163034 B
Java, Flash, Steam htmlcache => 792 B
Windows/system/drivers => 2039929 B
Edge => 390 B
Chrome => 331886603 B
Firefox => 0 B
Opera => 30018642 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 814 B
NetworkService => 0 B
Michael7 => 48238383 B

RecycleBin => 84079916 B
EmptyTemp: => 518.3 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-01-2017 19:23:24)

C:\Users\Michael7\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:23:24 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[ave007]

Bohužel. Velmi často vyskakuje nějaké podokno.
Posílám ukázku fotku.

[Rudy]

Zkusíme vyčistit prohlížeče. Proveďte následující skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

[ave007]

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Michael7 on Wed 04. 01. 2017 at 21:26:04,77.
Microsoft Windows 10 Pro 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Michael7\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4. 1. 2017 21:32:17 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Free Video Flip and Rotate deleted successfully
C:\PROGRA~2\Razer deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Michael7\AppData\Local\ActiveSync deleted successfully
C:\Users\Michael7\AppData\Local\CrashDumps deleted successfully
C:\Users\Michael7\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Michael7\AppData\Local\EmieSiteList deleted successfully
C:\Users\Michael7\AppData\Local\EmieUserList deleted successfully
C:\Users\Michael7\AppData\Local\FSDART deleted successfully
C:\Users\Michael7\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Michael7\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2070481859-1754916886-4248104055-1001\SOFTWARE\Mozilla\Firefox\Extensions\acewebextension_unlisted@acestream.org deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Free Video Flip and Rotate not found
C:\PROGRA~2\Razer not found
C:\PROGRA~2\BitLord deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Michael7\AppData\Local\MSGBOX.EXE deleted
C:\Users\Michael7\AppData\Local\BitLord deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Michael7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord deleted
C:\Users\Michael7\Documents\BitLord deleted
"C:\Users\Michael7\AppData\Roaming\Předvolby CS6 pro JP2K" deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
mjbepbhonbojpoaenhckjocchgfiaofo - No path found[]

Highlight Opened - Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpifghoofjemmgpcablimgihhjakaplg
Photo Zoom for Facebook - Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
Google Drive App Launcher - Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Media Router - Michael7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=13554"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=13554"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02
HKCU\SearchScopes\{2BCE0BE9-D8A7-4472-9D92-09131C8FE4D0} - http://search.seznam.cz/?q={searchTerms ... arch_13554
HKCU\SearchScopes\{308099F4-1F27-412C-A45D-2306781D9BE2} - http://www.mapy.cz/?query={searchTerms} ... arch_13554
HKCU\SearchScopes\{4C52160B-74F3-4F3C-ADA3-5B5CFCA2D80E} - http://encyklopedie.seznam.cz/search?q= ... arch_13554
HKCU\SearchScopes\{61D3DFEB-3B07-4477-9983-EEA422752F43} - http://www.firmy.cz/?q={searchTerms}&so ... arch_13554
HKCU\SearchScopes\{71C1365D-0A6C-43B5-9AE8-D975CEB0D455} - http://tv.seznam.cz/hledej?w={searchTer ... arch_13554
HKCU\SearchScopes\{72F35E48-72AC-470F-B77F-E8A53BA6B6AA} - http://www.novinky.cz/hledej?w={searchT ... arch_13554
HKCU\SearchScopes\{7A3EC7C0-BC75-48FA-A9D0-EE094F17755F} - http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13554
HKCU\SearchScopes\{A1E93868-E671-4390-BBAB-5513F06ACAB3} - http://slovnik.seznam.cz/?q={searchTerm ... arch_13554
HKCU\SearchScopes\{BB2AA0A1-F396-4DB3-970F-24A3A997E547} - http://slovnik.seznam.cz/?q={searchTerm ... arch_13554

==== Reset Google Chrome ======================

C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michael7\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Michael7\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Michael7\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Michael7\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Michael7\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Michael7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=880 folders=271 2082380728 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Michael7\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 04. 01. 2017 at 21:42:26,44 ======================

[ave007]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by Michael7 (Administrator) on Wed 04. 01. 2017 at 21:43:25,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2BCE0BE9-D8A7-4472-9D92-09131C8FE4D0} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04. 01. 2017 at 21:44:18,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Rudy]

Změnilo se nyní?

[ave007]

Ano. Vypadá to, že je vpořádku (Y)

[ave007]

Chtěl jsem se ještě zeptat, můj táta má trošku podobný problém s jeho primárním prohlížečem Chrome.
Nejde mu například odeslat e-mail s přílohou, zkoušeli jsme v jiném prohlížeči tam to šlo.
Ten čistič prohlížeče by mu myslím mohl pomoci.
Bylo by možné udělat ještě sem do tohoto vlákna poslat log, nebo na to mám udělat nové vlákno?

Jinak tenhle PC se zdá být už v pořádku, za což samozřejmě moc děkuji.