PC problem, slowdown

BL4zer
Visitor
Posts: 39
Registered: 01 Aug 2008 22:26

PC problem, slowdown

#1 Post by BL4zer »

Hello,
I have a problem: lately my PC has slowed down. In Task Manager I spotted COM Surrogate, and then at startup some cledx.exe error pops up, which according to Google is some kind of trojan.
Could you advise me how to get rid of it without having to format C:?
Thanks a lot for your reply.
Edit: I wanted to download FRSTlauncher following your guide, and Chrome won't let me in there, saying there may be viruses or something.

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC problem, slowdown

#2 Post by Rudy »

Hello!
Let's try it. Post a FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

BL4zer
Visitor
Posts: 39
Registered: 01 Aug 2008 22:26

Re: PC problem, slowdown

#3 Post by BL4zer »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Paulie (administrator) on PAULIE-PC (09-01-2017 21:28:33)
Running from C:\Users\Paulie\Desktop
Loaded Profiles: Paulie (Available Profiles: Paulie)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) D:\Paulie\Games\Steam\Steam.exe
(Valve Corporation) D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804416 2016-07-13] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-02] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => D:\Paulie\Programy\PowerISO\PWRISOVM.EXE [454792 2016-06-07] (Power Software Ltd)
HKLM-x32\...\Run: [H2O] => C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe [200069 2005-05-11] (Team H2O)
HKU\S-1-5-21-3252837874-167571560-541395448-1001\...\Run: [Steam] => D:\Paulie\Games\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3252837874-167571560-541395448-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-3252837874-167571560-541395448-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe [2017-01-09] ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{63780654-5c94-43c7-a869-a587b94b8ca0}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR StartupUrls: Default -> "","hxxp://search.gboxapp.com/","hxxp://www.google.com/","hxxp://mystart.incred ... 26&loc=skw"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default [2017-01-09]
CHR Extension: (Prezentace Google) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-13]
CHR Extension: (Dokumenty Google) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-13]
CHR Extension: (Disk Google) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-13]
CHR Extension: (YouTube) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-13]
CHR Extension: (Tabulky Google) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-13]
CHR Extension: (AdBlock) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-13]
CHR Extension: (Gmail) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-13]
CHR Extension: (Chrome Media Router) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2016-07-13] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_9ff5ab165faead52\nvlddmkm.sys [13754936 2016-08-26] (NVIDIA Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-09 21:28 - 2017-01-09 21:28 - 00008933 _____ C:\Users\Paulie\Desktop\FRST.txt
2017-01-09 21:15 - 2017-01-09 21:28 - 00000000 ____D C:\FRST
2017-01-09 21:15 - 2017-01-09 21:15 - 02419200 _____ (Farbar) C:\Users\Paulie\Desktop\FRST64.exe
2017-01-09 21:00 - 2017-01-09 21:02 - 00000140 _____ C:\WINDOWS\Reimage.ini
2017-01-09 19:26 - 2017-01-09 19:26 - 00000000 ____D C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SyncroSoft Emu
2017-01-09 19:26 - 2005-11-03 17:14 - 00045056 _____ (SIA Syncrosoft) C:\WINDOWS\SysWOW64\Synsopos.exe
2017-01-09 19:26 - 2004-08-31 17:47 - 00021888 _____ (Syncrosoft GmbH) C:\WINDOWS\SysWOW64\Drivers\synUSB64.sys
2017-01-09 19:26 - 2003-07-31 19:28 - 00147425 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Aide.chm
2017-01-09 19:26 - 2003-05-26 14:29 - 00120468 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Hilfe.chm
2017-01-09 19:26 - 2003-05-26 14:29 - 00114279 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Help.chm
2017-01-09 19:25 - 2017-01-09 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncrosoft
2017-01-09 19:25 - 2017-01-09 19:26 - 00000000 ____D C:\Program Files (x86)\Syncrosoft
2017-01-09 19:25 - 2005-11-08 20:02 - 00708608 _____ (SIA Syncrosoft) C:\WINDOWS\SysWOW64\SYNSOACC.dll
2017-01-09 19:25 - 2005-11-08 11:20 - 00147456 _____ (SIA Syncrosoft) C:\WINDOWS\SysWOW64\SynsoLChk.dll
2017-01-09 19:13 - 2017-01-09 19:13 - 00000000 __SHD C:\AppCache
2017-01-09 19:09 - 2017-01-09 19:09 - 00000000 ____D C:\Users\Paulie\AppData\Local\PitchAndShiftAudio
2017-01-09 18:59 - 2017-01-09 18:59 - 00000000 ____D C:\Users\Paulie\AppData\Roaming\WinRAR
2017-01-09 18:59 - 2017-01-09 18:59 - 00000000 ____D C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-09 18:59 - 2017-01-09 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-09 18:59 - 2017-01-09 18:59 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2017-01-09 17:13 - 2017-01-09 19:05 - 00000000 ____D C:\Users\Paulie\AppData\Roaming\Audacity
2017-01-09 17:13 - 2017-01-09 17:13 - 00000803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-12-17 21:23 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-12-17 21:23 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-12-17 21:23 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-12-17 21:23 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-12-17 21:23 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-12-17 21:23 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-12-14 19:00 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 19:00 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 19:00 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 19:00 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 19:00 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 19:00 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 19:00 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 19:00 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 19:00 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 19:00 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 19:00 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 19:00 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 19:00 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 19:00 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 19:00 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 19:00 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 19:00 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 19:00 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 19:00 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 19:00 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 19:00 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 19:00 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 19:00 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 19:00 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 19:00 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 19:00 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 19:00 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 19:00 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 19:00 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 19:00 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 19:00 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 19:00 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 19:00 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 19:00 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 19:00 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 19:00 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 19:00 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 19:00 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 19:00 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 19:00 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 19:00 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 19:00 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 19:00 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 19:00 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 19:00 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 19:00 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 19:00 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 19:00 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 19:00 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 19:00 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 19:00 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 19:00 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 19:00 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 19:00 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 19:00 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 19:00 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 19:00 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 19:00 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 19:00 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 19:00 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 19:00 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 19:00 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 19:00 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 19:00 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 19:00 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 19:00 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 19:00 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 19:00 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 19:00 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 19:00 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 19:00 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 19:00 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 19:00 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 19:00 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 19:00 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 19:00 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 19:00 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 19:00 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 19:00 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 19:00 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 19:00 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 19:00 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 19:00 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 19:00 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 19:00 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 19:00 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 19:00 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 19:00 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 19:00 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 19:00 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 19:00 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 19:00 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 19:00 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 19:00 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 19:00 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 19:00 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 19:00 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 19:00 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 19:00 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 19:00 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 19:00 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 19:00 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 19:00 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 19:00 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 19:00 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 19:00 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 19:00 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 19:00 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 19:00 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 19:00 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 19:00 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 19:00 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 19:00 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 19:00 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 19:00 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 19:00 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 20:29 - 2016-12-13 20:29 - 00000000 ____D C:\Users\Paulie\AppData\Local\Chromium
2016-12-10 00:29 - 2017-01-09 21:09 - 00065862 ____H C:\Users\Paulie\AppData\Local\IconCache.db

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-09 21:16 - 2016-07-16 23:25 - 00520622 _____ C:\WINDOWS\system32\perfh005.dat
2017-01-09 21:16 - 2016-07-16 23:25 - 00106424 _____ C:\WINDOWS\system32\perfc005.dat
2017-01-09 21:16 - 2016-07-13 15:37 - 01592832 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-09 21:09 - 2016-10-02 13:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-09 21:09 - 2016-10-02 13:25 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-09 21:09 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-09 20:02 - 2016-07-13 16:51 - 00000000 ___RD C:\Users\Paulie\Desktop\P & G
2017-01-09 19:26 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-08 22:45 - 2016-10-02 13:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-08 14:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-06 18:31 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-04 18:45 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-02 19:23 - 2016-10-02 13:26 - 00000000 ____D C:\Users\Paulie
2016-12-27 17:56 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-19 14:10 - 2016-10-02 13:26 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-19 14:10 - 2016-10-02 13:26 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-19 14:10 - 2016-07-16 07:04 - 45350912 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-19 12:33 - 2016-10-01 16:47 - 00000000 ____D C:\Users\Paulie\AppData\LocalLow\Heroes and Generals
2016-12-18 13:24 - 2016-09-02 13:38 - 00000000 ____D C:\Users\Paulie\AppData\Local\Battle.net
2016-12-18 13:21 - 2016-09-02 13:37 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-17 22:11 - 2016-09-15 18:55 - 00000000 ____D C:\Users\Paulie\AppData\Local\Ubisoft Game Launcher
2016-12-17 21:23 - 2016-07-16 12:47 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-17 21:23 - 2016-07-13 17:07 - 00062434 _____ C:\WINDOWS\DirectX.log
2016-12-17 15:40 - 2016-10-02 13:30 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 15:40 - 2016-10-02 13:30 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 15:40 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-15 19:58 - 2016-07-13 15:41 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 17:00 - 2016-10-02 13:26 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 16:59 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-15 16:45 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-15 16:04 - 2016-10-02 13:24 - 00194440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 20:06 - 2016-10-02 13:24 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-14 20:06 - 2016-10-02 13:24 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-14 20:06 - 2016-07-16 12:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-14 20:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-14 20:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-14 20:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\drivers
2016-12-14 20:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-14 20:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 20:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-14 20:06 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-14 19:47 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 19:44 - 2016-07-13 15:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 19:43 - 2016-07-13 15:57 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 20:29 - 2016-07-13 15:56 - 00000000 ____D C:\Users\Paulie\AppData\Local\Steam
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-10 18:41 - 2016-10-02 13:26 - 00524288 ___SH C:\Users\Paulie\NTUSER.DAT{92cf1ad9-88a3-11e6-9252-8713360bbfb0}.TMContainer00000000000000000001.regtrans-ms
2016-12-10 18:41 - 2016-10-02 13:26 - 00065536 ___SH C:\Users\Paulie\NTUSER.DAT{92cf1ad9-88a3-11e6-9252-8713360bbfb0}.TM.blf
2016-12-10 10:36 - 2016-10-02 13:31 - 00000174 ___SH C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-10 10:36 - 2016-07-16 07:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-10 10:36 - 2016-07-13 15:31 - 00000402 ___SH C:\Users\Paulie\Documents\desktop.ini
2016-12-10 10:36 - 2016-07-13 15:31 - 00000282 ___SH C:\Users\Paulie\Downloads\desktop.ini
2016-12-10 10:36 - 2016-07-13 15:31 - 00000282 ___SH C:\Users\Paulie\Desktop\desktop.ini
2016-12-10 10:36 - 2016-07-13 15:31 - 00000174 ___SH C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-10 10:36 - 2016-07-13 15:31 - 00000000 ___RD C:\Users\Paulie\Videos
2016-12-10 10:36 - 2016-07-13 15:31 - 00000000 ___RD C:\Users\Paulie\Searches
2016-12-10 10:36 - 2016-07-13 15:31 - 00000000 ___RD C:\Users\Paulie\Saved Games
2016-12-10 10:36 - 2016-07-13 15:31 - 00000000 ___RD C:\Users\Paulie\Pictures
2016-12-10 10:36 - 2016-07-13 15:31 - 00000000 ___RD C:\Users\Paulie\Music
2016-12-10 10:36 - 2016-07-13 15:31 - 00000000 ___RD C:\Users\Paulie\Links
2016-12-10 10:36 - 2016-07-13 15:31 - 00000000 ___RD C:\Users\Paulie\Favorites
2016-12-10 10:36 - 2016-07-13 15:31 - 00000000 ___RD C:\Users\Paulie\Contacts
2016-12-10 10:36 - 2016-07-13 15:31 - 00000000 ___RD C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-10 10:36 - 2016-04-27 08:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-10 00:31 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-10 00:31 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-10 00:31 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 00:31 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 00:31 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing

Some files in TEMP:
====================
C:\Users\Paulie\AppData\Local\Temp\cteinlngjgrzxwaltkjx.exe
C:\Users\Paulie\AppData\Local\Temp\h2o.exe
C:\Users\Paulie\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Paulie\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Paulie\AppData\Local\Temp\ICReinstall_LAME_0067524954.exe
C:\Users\Paulie\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Paulie\AppData\Local\Temp\trueemu.exe
C:\Users\Paulie\AppData\Local\Temp\VirtualDJ New Version.exe
C:\Users\Paulie\AppData\Local\Temp\zvoalfppsyvyuxylo.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-01 20:29

==================== End of FRST.txt ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Paulie (09-01-2017 21:29:05)
Running from C:\Users\Paulie\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-02 12:30:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3252837874-167571560-541395448-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3252837874-167571560-541395448-503 - Limited - Disabled)
Guest (S-1-5-21-3252837874-167571560-541395448-501 - Limited - Disabled)
Paulie (S-1-5-21-3252837874-167571560-541395448-1001 - Administrator - Enabled) => C:\Users\Paulie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
firstobject XML Editor version 2.4.2 (HKLM-x32\...\firstobject XML Editor_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Heroes & Generals (HKLM\...\Steam App 227940) (Version: - Reto-Moto)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SyncroSoft Emu (Remove only) (HKLM-x32\...\SyncroSoft Emu) (Version: - )
Syncrosoft's License Control (HKLM-x32\...\Syncrosoft's License Control) (Version: - SIA Syncrosoft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version: - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
WildStar (HKLM\...\Steam App 376570) (Version: - Carbine Studios)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EE91615-87C9-4113-BAC4-21B32B74FB68} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {CE21DF40-AC2B-4311-BCED-6CB2C0A339AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-13] (Google Inc.)
Task: {E48D4BFF-19E5-421C-86B2-C6763219ECF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-13] (Google Inc.)
Task: {ECE31AA5-E0D0-4B37-9EE8-5BC5187166B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:00 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-02 13:25 - 2016-08-01 13:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 19:00 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-02 13:33 - 2016-10-02 13:33 - 01864384 _____ () C:\Users\Paulie\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-10-02 14:21 - 2016-10-02 14:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 19:00 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 16:49 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 16:49 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 16:49 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 16:49 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 16:49 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-15 19:58 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 19:58 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-13 20:29 - 2016-12-08 16:13 - 00656160 _____ () D:\Paulie\Games\Steam\SDL2.dll
2016-10-15 13:12 - 2016-09-01 02:02 - 04969248 _____ () D:\Paulie\Games\Steam\v8.dll
2016-12-21 17:23 - 2016-12-20 03:25 - 02322720 _____ () D:\Paulie\Games\Steam\video.dll
2016-10-15 13:12 - 2016-01-27 08:49 - 02549760 _____ () D:\Paulie\Games\Steam\libavcodec-56.dll
2016-10-15 13:12 - 2016-01-27 08:49 - 00491008 _____ () D:\Paulie\Games\Steam\libavformat-56.dll
2016-10-15 13:12 - 2016-01-27 08:49 - 00332800 _____ () D:\Paulie\Games\Steam\libavresample-2.dll
2016-10-15 13:12 - 2016-01-27 08:49 - 00442880 _____ () D:\Paulie\Games\Steam\libavutil-54.dll
2016-10-15 13:12 - 2016-01-27 08:49 - 00485888 _____ () D:\Paulie\Games\Steam\libswscale-3.dll
2016-10-15 13:12 - 2016-09-01 02:02 - 01563936 _____ () D:\Paulie\Games\Steam\icui18n.dll
2016-10-15 13:12 - 2016-09-01 02:02 - 01195296 _____ () D:\Paulie\Games\Steam\icuuc.dll
2016-12-21 17:23 - 2016-12-20 03:25 - 00838944 _____ () D:\Paulie\Games\Steam\bin\chromehtml.DLL
2016-10-15 13:12 - 2016-07-04 23:17 - 00266560 _____ () D:\Paulie\Games\Steam\openvr_api.dll
2016-12-13 20:29 - 2016-12-05 17:21 - 67304736 _____ () D:\Paulie\Games\Steam\bin\cef\cef.win7\libcef.dll
2016-12-21 17:23 - 2016-12-20 03:25 - 00388384 _____ () D:\Paulie\Games\Steam\steam.dll
2016-10-15 13:12 - 2015-09-25 00:52 - 00119208 _____ () D:\Paulie\Games\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Paulie:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3252837874-167571560-541395448-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-3252837874-167571560-541395448-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{90105AFA-C97D-4E7F-88A7-8C70800C34B4}] => D:\Paulie\Games\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{838095D8-455C-400B-B909-9CCE51725A88}] => D:\Paulie\Games\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [UDP Query User{04BDFEA1-F99E-4FBE-A436-1A389773E8F1}D:\paulie\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => D:\paulie\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{513D3C51-7CA5-47B0-A2BA-641CDB6E1C8E}D:\paulie\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => D:\paulie\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{AD7759E9-F875-40E5-A1D2-FD1E450D737B}] => D:\Paulie\Games\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{BE801501-3304-4F3A-BCA8-C1C90CBA9EAF}] => D:\Paulie\Games\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{BB290CCD-7DDC-43EE-AE0E-EBA12176E326}] => D:\Paulie\Programy\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{36F6EFB8-8712-477E-89F6-B42904F34302}] => D:\Paulie\Programy\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [UDP Query User{091AB063-FA3A-4715-8146-D44233F0FFA5}D:\paulie\games\diablo iii\diablo iii.exe] => D:\paulie\games\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{0C7F3F27-B0FC-4E16-9395-12BD9C551C1B}D:\paulie\games\diablo iii\diablo iii.exe] => D:\paulie\games\diablo iii\diablo iii.exe
FirewallRules: [{89839963-9ACA-45A9-861A-7F8EBE23C810}] => D:\Paulie\Games\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{9FC1241E-6BFD-487E-8DB2-C8EBE0504997}] => D:\Paulie\Games\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{C189B885-5BA0-468A-927C-F01B001CB917}] => D:\Paulie\Games\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{8BBA1B44-3FE3-4678-AB12-9B90E6B3F26C}] => D:\Paulie\Games\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [UDP Query User{CCCDE3AB-3C6E-406F-9529-51B0C24EACF0}D:\paulie\programy\utorrent\utorrent.exe] => D:\paulie\programy\utorrent\utorrent.exe
FirewallRules: [TCP Query User{9C10A116-F76D-425E-A1FE-E2B585A10748}D:\paulie\programy\utorrent\utorrent.exe] => D:\paulie\programy\utorrent\utorrent.exe
FirewallRules: [{5A65A0DD-ECE1-41DD-89CE-264BDDD0B256}] => D:\Paulie\Games\Steam\steamapps\common\WildStar\Steam_WildStar.exe
FirewallRules: [{7278F737-FA53-4319-B6A4-99983B7E167E}] => D:\Paulie\Games\Steam\steamapps\common\WildStar\Steam_WildStar.exe
FirewallRules: [UDP Query User{FE87EEB8-143D-444D-A030-62C97755A43D}D:\paulie\games\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => D:\paulie\games\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [TCP Query User{5191D0DD-94AA-48A2-88AD-340BE58299D6}D:\paulie\games\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => D:\paulie\games\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [{8241A0AD-05A1-4A85-A31D-06E9C7D7D747}] => D:\Paulie\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{95F228F8-01B7-41CA-B96B-4B1059CAAFA7}] => D:\Paulie\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FFE3AAB8-9A98-419B-A7E3-0CC3CA2087C8}] => D:\Paulie\Games\Steam\Steam.exe
FirewallRules: [{4A2435F1-8CC1-4CB1-A620-104D3591E2DC}] => D:\Paulie\Games\Steam\Steam.exe
FirewallRules: [{587F07FF-FA62-42E5-B205-CCEB332E8826}] => D:\Paulie\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{787EA0C2-B169-445D-829E-E8A22B1ED828}] => D:\Paulie\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{28439889-7486-4370-A3E7-E174D69BE07D}] => D:\Paulie\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FAC35B9A-9F58-470D-9546-677C42C72D32}] => D:\Paulie\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{64301429-17B4-4312-927D-096C9442AD9A}] => D:\Paulie\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{FAF46F38-0B99-4D25-B941-E982BFC12A6B}] => D:\Paulie\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{B5AB55D1-EF92-46E4-BCA5-35C8B2C33699}] => D:\Paulie\Games\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{BC8A13AA-AA5C-4E0B-8957-B3E76C3095BA}] => D:\Paulie\Games\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{DB63A12A-DE02-4E5F-8B2E-50725D8F01D1}] => D:\Paulie\Games\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{D66E913A-499C-41A0-9224-C2B870D79038}] => D:\Paulie\Games\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{9664CE63-D925-43BA-9272-0D92DD335B76}D:\paulie\games\wowko\wow_cata\wow cata\launcher.patch.exe] => D:\paulie\games\wowko\wow_cata\wow cata\launcher.patch.exe
FirewallRules: [UDP Query User{FE2995E0-5236-41A1-9CF0-52CAAD898DF0}D:\paulie\games\wowko\wow_cata\wow cata\launcher.patch.exe] => D:\paulie\games\wowko\wow_cata\wow cata\launcher.patch.exe
FirewallRules: [TCP Query User{CE12D84D-17DB-4449-8926-EFB87D2F5BE3}D:\paulie\games\wowko\wow_cata\wow cata\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => D:\paulie\games\wowko\wow_cata\wow cata\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [UDP Query User{25C42615-2996-49CE-96AE-F5C0583694BE}D:\paulie\games\wowko\wow_cata\wow cata\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => D:\paulie\games\wowko\wow_cata\wow cata\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [{A0C65774-D199-4958-8CAC-93432F37427E}] => D:\Paulie\Programy\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{65EBFB83-221E-4836-A4EC-F10075E3A3ED}] => D:\Paulie\Programy\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{9B277F56-0BDE-4689-8DC0-975F6555BBBA}] => D:\Paulie\Programy\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{9CE83A04-A6B7-4344-8DA4-43D78C05A732}] => D:\Paulie\Programy\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{9C802322-2C26-4BA2-AAB6-C62124790B7C}] => D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{32ACE717-702E-46D7-8DAB-5904E0C44C06}] => D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{64E62497-DEAD-4BB9-8BB3-3C5546B33B85}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C22DDC88-9D46-4983-8E47-820AE5A0DF0A}] => D:\Paulie\Programy\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [{44236493-C012-4CD9-83B4-4C81F960A0AC}] => D:\Paulie\Programy\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [{17643DFF-3357-4016-9715-452202B763CE}] => D:\Paulie\Games\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2EE143D0-88CA-459E-874B-4F58B1646640}] => D:\Paulie\Games\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2017 09:10:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/09/2017 09:10:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/09/2017 09:09:44 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Systém nemůže nalézt uvedený soubor.

Error: (01/09/2017 09:07:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 55.0.2883.87 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 93c

Čas spuštění: 01d26ab2cbc275ce

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: 2ec40df2-d6a7-11e6-9bd6-9c5c8e785f25

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (01/09/2017 07:26:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program trueemu.exe verze 4.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: c14

Čas spuštění: 01d26aa5d986ee97

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\Paulie\AppData\Local\Temp\trueemu.exe

ID hlášení: 2b292387-d699-11e6-9bd6-9c5c8e785f25

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (01/09/2017 07:26:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program setup.exe verze 0.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: ad8

Čas spuštění: 01d26aa5c5b93d6f

Čas ukončení: 4294967295

Cesta k aplikaci: D:\Paulie\Programy\Nuendo.v3.2.0.1128\Nuendo.v3.2.0.1128 latest\setup.exe

ID hlášení: 29369261-d699-11e6-9bd6-9c5c8e785f25

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (01/09/2017 05:01:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/09/2017 05:01:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/09/2017 05:01:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=4

Error: (01/08/2017 10:45:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAULIE-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (01/09/2017 09:09:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/09/2017 07:27:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Hi-Rez Studios Authenticate and Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/09/2017 07:13:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Úložiště uživatelských dat_16afea7, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (01/09/2017 07:13:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/09/2017 07:13:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba CDPUserSvc_16afea7 byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 3000 milisekund: Restartovat službu.

Error: (01/09/2017 07:13:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/09/2017 07:13:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_16afea7 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (01/09/2017 07:13:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_16afea7 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (01/09/2017 07:13:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_16afea7 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (01/09/2017 07:13:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_16afea7 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


==================== Memory info ===========================

Processor: AMD FX(tm)-8300 Eight-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 8174.11 MB
Available physical RAM: 5773.03 MB
Total Virtual: 9454.11 MB
Available Virtual: 6867 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.3 GB) (Free:92 GB) NTFS
Drive d: () (Fixed) (Total:585.94 GB) (Free:404.75 GB) NTFS
Drive f: () (Fixed) (Total:345.57 GB) (Free:331.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 85007B26)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B1E18BDA)
Partition 1: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC problem, slowdown

#4 Post by Rudy »

Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.

BL4zer
Visitor
Posts: 39
Registered: 01 Aug 2008 22:26

Re: PC problem, slowdown

#5 Post by BL4zer »

# AdwCleaner v6.042 - Log vytvořen 09/01/2017 v 22:07:01
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-09.3 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Paulie - PAULIE-PC
# Spuštěno z : C:\Users\Paulie\Desktop\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****

[-] Soubor smazán: C:\WINDOWS\Reimage.ini
[-] Soubor smazán: C:\Users\Paulie\AppData\Local\Temp\reimage.log
[-] Soubor smazán: C:\Users\Paulie\AppData\Local\Temp\ReimagePackage.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: LaunchPreSignup


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Klíč smazán: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč smazán: HKU\S-1-5-21-3252837874-167571560-541395448-1001\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-3252837874-167571560-541395448-1001\Software\PRODUCTSETUP
[-] Klíč smazán: HKU\S-1-5-21-3252837874-167571560-541395448-1001\Software\Reimage
[-] Klíč smazán: HKU\S-1-5-21-3252837874-167571560-541395448-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Klíč smazán: HKU\S-1-5-21-3252837874-167571560-541395448-1001\Software\csastats
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: HKCU\Software\Reimage
[#] Klíč smazán po restartu: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Klíč smazán po restartu: HKCU\Software\csastats
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: [x64] HKCU\Software\Reimage
[#] Klíč smazán po restartu: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Klíč smazán po restartu: [x64] HKCU\Software\csastats
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Reimage
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL


***** [ Prohlížeče ] *****

[-] [C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: wim.en.softonic.com
[-] [C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Smazáno: hxxp://search.gboxapp.com/
[-] [C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Smazáno: hxxp://mystart.incredibar.com/?a=6R8Sh2oEpi&i=26&loc=skw


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3564 Bajty] - [09/01/2017 22:07:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [3615 Bajty] - [09/01/2017 22:05:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [3816 Bajty] - [09/01/2017 22:06:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3783 Bajty] ##########

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC problem, slowdown

#6 Post by Rudy »

Post a new RSIT log.

BL4zer
Visitor
Posts: 39
Registered: 01 Aug 2008 22:26

Re: PC problem, slowdown

#7 Post by BL4zer »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Paulie at 2017-01-09 22:12:56
Microsoft Windows 10 Pro
System drive C: has 94 GB (83%) free of 114 GB
Total RAM: 8174 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:12:59, on 09.01.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
D:\Paulie\Games\Steam\Steam.exe
C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\trend micro\Paulie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Paulie\Programy\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [Steam] "D:\Paulie\Games\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: svchost.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6926 bytes

======Listing Processes======








winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
dashost.exe {d953083c-6436-452e-9e2df9527a32c6f4}
"D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel


sihost.exe

C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"D:\Paulie\Games\Steam\Steam.exe" -silent
C:\WINDOWS\system32\AUDIODG.EXE 0x1d8
"C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe "-cachedir=C:\Users\Paulie\AppData\Local\Steam\htmlcache" "-steampid=5516" "-buildid=1482202200" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write
D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\Paulie\AppData\Local\Chromium\User Data\Crashpad" "--metrics-dir=C:\Users\Paulie\AppData\Local\Chromium\User Data" --annotation=channel= --annotation=plat=Win32 --annotation=prod= --annotation=ver=01.00.00.01-devel --handshake-handle=0x2c0
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Paulie\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0x1a8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3460 --on-initialized-event-handle=436 --parent-handle=428 /prefetch:6
"C:\Program Files\Windows Defender\\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 8122FB66-F307-56BA-4DF8-F2FE59D6C5D8 -Reinvoke

wmiadap.exe /F /T /R
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 660 664 672 8192 668
"C:\Users\Paulie\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-07-13 1804416]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-10-02 631808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Paulie\Games\Steam\steam.exe [2016-12-20 2876704]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-11-15 9105112]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=D:\Paulie\Programy\PowerISO\PWRISOVM.EXE [2016-06-07 454792]
"H2O"=C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe [2005-05-11 200069]

C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
svchost.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-09 22:12:56 ----D---- C:\rsit
2017-01-09 22:12:56 ----D---- C:\Program Files\trend micro
2017-01-09 22:04:51 ----D---- C:\AdwCleaner
2017-01-09 21:15:36 ----D---- C:\FRST
2017-01-09 19:26:01 ----A---- C:\WINDOWS\SYSWOW64\drivers\synUSB64.sys
2017-01-09 19:26:00 ----A---- C:\WINDOWS\SYSWOW64\Synsopos.exe
2017-01-09 19:25:57 ----A---- C:\WINDOWS\SYSWOW64\SynsoLChk.dll
2017-01-09 19:25:57 ----A---- C:\WINDOWS\SYSWOW64\SYNSOACC.dll
2017-01-09 19:25:56 ----D---- C:\Program Files (x86)\Syncrosoft
2017-01-09 19:13:48 ----SHD---- C:\AppCache
2017-01-09 18:59:43 ----AD---- C:\Program Files (x86)\Lame For Audacity
2017-01-09 18:59:33 ----D---- C:\Users\Paulie\AppData\Roaming\WinRAR
2017-01-09 17:13:32 ----D---- C:\Users\Paulie\AppData\Roaming\Audacity
2016-12-17 21:23:57 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_39.dll
2016-12-17 21:23:57 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_39.dll
2016-12-17 21:23:57 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2016-12-17 21:23:57 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2016-12-17 21:23:56 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_39.dll
2016-12-17 21:23:56 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2016-12-14 19:00:55 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2016-12-14 19:00:55 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\system32\ole32.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\system32\msi.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\system32\msdtctm.dll
2016-12-14 19:00:53 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2016-12-14 19:00:53 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-12-14 19:00:53 ----A---- C:\WINDOWS\system32\hvix64.exe
2016-12-14 19:00:53 ----A---- C:\WINDOWS\system32\hvax64.exe
2016-12-14 19:00:53 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\SYSWOW64\TextInputFramework.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\SYSWOW64\InputLocaleManager.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\system32\hvloader.exe
2016-12-14 19:00:51 ----A---- C:\WINDOWS\SYSWOW64\WordBreakers.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\SYSWOW64\EditBufferTestHook.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 19:00:50 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 19:00:50 ----A---- C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 19:00:50 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 19:00:50 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 19:00:49 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 19:00:49 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 19:00:48 ----A---- C:\WINDOWS\system32\aadtb.dll
2016-12-14 19:00:48 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 19:00:47 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2016-12-14 19:00:46 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2016-12-14 19:00:46 ----A---- C:\WINDOWS\system32\InputService.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2016-12-14 19:00:45 ----A---- C:\WINDOWS\SYSWOW64\sspicli.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\ShareHost.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 19:00:44 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2016-12-14 19:00:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-12-14 19:00:44 ----A---- C:\WINDOWS\system32\win32k.sys
2016-12-14 19:00:44 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 19:00:43 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-12-14 19:00:43 ----A---- C:\WINDOWS\system32\user32.dll
2016-12-14 19:00:43 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-12-14 19:00:42 ----A---- C:\WINDOWS\system32\cdp.dll
2016-12-14 19:00:40 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2016-12-14 19:00:40 ----A---- C:\WINDOWS\system32\securekernel.exe
2016-12-14 19:00:40 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 19:00:39 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2016-12-14 19:00:39 ----A---- C:\WINDOWS\system32\gdi32full.dll
2016-12-14 19:00:39 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 19:00:38 ----A---- C:\WINDOWS\system32\winresume.exe
2016-12-14 19:00:38 ----A---- C:\WINDOWS\system32\winload.exe
2016-12-14 19:00:38 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 19:00:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\system32\combase.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\wincorlib.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-12-14 19:00:34 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2016-12-14 19:00:34 ----A---- C:\WINDOWS\system32\bcrypt.dll
2016-12-14 19:00:33 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-12-14 19:00:33 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-12-14 19:00:33 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-12-14 19:00:33 ----A---- C:\WINDOWS\system32\fveapibase.dll
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\fveapi.dll
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-12-14 19:00:31 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-12-14 19:00:30 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 19:00:30 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-12-14 19:00:30 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-12-14 19:00:30 ----A---- C:\WINDOWS\system32\cdd.dll
2016-12-14 19:00:29 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2016-12-14 19:00:29 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-12-14 19:00:28 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-12-14 19:00:27 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-12-14 19:00:27 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-12-14 19:00:27 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2016-12-14 19:00:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 19:00:25 ----A---- C:\WINDOWS\system32\sspicli.dll
2016-12-14 19:00:25 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 19:00:25 ----A---- C:\WINDOWS\system32\CryptoWinRT.dll

======List of files/folders modified in the last 1 month======

2017-01-09 22:12:56 ----RD---- C:\Program Files
2017-01-09 22:12:50 ----D---- C:\WINDOWS\Temp
2017-01-09 22:12:08 ----D---- C:\WINDOWS\Prefetch
2017-01-09 22:08:49 ----D---- C:\WINDOWS\system32\catroot2
2017-01-09 22:07:58 ----D---- C:\ProgramData\NVIDIA
2017-01-09 22:07:34 ----D---- C:\WINDOWS\system32\sru
2017-01-09 22:06:56 ----D---- C:\WINDOWS\system32\Tasks
2017-01-09 22:06:54 ----D---- C:\Windows
2017-01-09 22:00:07 ----RD---- C:\WINDOWS\Microsoft.NET
2017-01-09 21:59:52 ----D---- C:\WINDOWS\system32\SleepStudy
2017-01-09 21:16:12 ----D---- C:\WINDOWS\System32
2017-01-09 21:16:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-09 21:08:25 ----HD---- C:\ProgramData
2017-01-09 20:02:39 ----SHDC---- C:\WINDOWS\Installer
2017-01-09 20:02:39 ----SD---- C:\Users\Paulie\AppData\Roaming\Microsoft
2017-01-09 19:26:05 ----D---- C:\WINDOWS\SysWOW64
2017-01-09 19:26:01 ----D---- C:\WINDOWS\SYSWOW64\drivers
2017-01-09 19:26:01 ----D---- C:\WINDOWS\INF
2017-01-09 19:25:56 ----RD---- C:\Program Files (x86)
2017-01-08 14:07:23 ----D---- C:\WINDOWS\AppReadiness
2017-01-06 18:31:14 ----HD---- C:\Program Files\WindowsApps
2017-01-04 18:45:53 ----D---- C:\WINDOWS\LiveKernelReports
2016-12-27 17:56:33 ----D---- C:\WINDOWS\system32\config
2016-12-18 13:21:14 ----D---- C:\Program Files (x86)\Battle.net
2016-12-17 21:23:42 ----RSD---- C:\WINDOWS\assembly
2016-12-17 15:40:10 ----D---- C:\WINDOWS\Tasks
2016-12-15 16:59:07 ----D---- C:\WINDOWS\rescache
2016-12-15 16:45:25 ----D---- C:\WINDOWS\WinSxS
2016-12-14 20:06:39 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-12-14 20:06:39 ----D---- C:\WINDOWS\system32\en-US
2016-12-14 20:06:39 ----D---- C:\WINDOWS\system32\drivers
2016-12-14 20:06:39 ----D---- C:\WINDOWS\system32\Boot
2016-12-14 20:06:39 ----D---- C:\WINDOWS\ShellExperiences
2016-12-14 20:06:39 ----D---- C:\WINDOWS\AppPatch
2016-12-14 20:06:38 ----D---- C:\WINDOWS\system32\DriverStore
2016-12-14 19:47:16 ----D---- C:\WINDOWS\CbsTemp
2016-12-14 19:44:04 ----D---- C:\WINDOWS\system32\MRT
2016-12-14 19:43:02 ----AC---- C:\WINDOWS\system32\MRT.exe
2016-12-12 00:56:25 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-12-10 00:31:34 ----D---- C:\WINDOWS\SYSWOW64\oobe
2016-12-10 00:31:34 ----D---- C:\WINDOWS\SYSWOW64\Dism
2016-12-10 00:31:34 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 00:31:34 ----D---- C:\WINDOWS\system32\wbem
2016-12-10 00:31:34 ----D---- C:\WINDOWS\system32\Sysprep
2016-12-10 00:31:34 ----D---- C:\WINDOWS\system32\sr-Latn-CS
2016-12-10 00:31:34 ----D---- C:\WINDOWS\system32\oobe
2016-12-10 00:31:34 ----D---- C:\WINDOWS\system32\Dism
2016-12-10 00:31:33 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-12-10 00:31:33 ----D---- C:\WINDOWS\servicing
2016-12-10 00:31:33 ----D---- C:\WINDOWS\bcastdvr
2016-12-10 00:31:33 ----D---- C:\Program Files\Internet Explorer
2016-12-10 00:31:33 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 8192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2016-05-25 137280]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 48128]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 78336]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\System32\drivers\L1C63x64.sys [2016-07-16 121344]
R3 MTsensor;@oem3.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2016-07-13 17280]
R3 NVHDA;@oem8.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-08-26 240704]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_9ff5ab165faead52\nvlddmkm.sys [2016-08-26 13754936]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 105824]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 101216]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 58720]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 61792]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 32096]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2016-09-15 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2016-07-16 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2016-07-16 141152]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 38912]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-09-10 118272]
S3 dbx;dbx; C:\WINDOWS\system32\DRIVERS\dbx.sys []
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 20480]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 50016]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-10-02 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-07-16 176384]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2016-07-16 526176]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-07-16 842584]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2016-07-16 179040]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2016-07-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2016-07-16 928608]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-07-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-07-16 50688]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2016-07-16 45568]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2016-07-16 263008]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-07-16 96608]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-07-16 137056]
S3 UrsCx01000;USB Role-Switch Support Library; C:\WINDOWS\system32\drivers\urscx01000.sys [2016-07-16 57696]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urschipidea.sys [2016-07-16 28512]
S3 UrsSynopsys;@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-07-16 27488]
S3 usbser;@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver; C:\WINDOWS\System32\drivers\usbser.sys [2016-07-16 69120]
S4 UevAgentDriver;@%systemroot%\system32\drivers\UevAgentDriver.sys,-101; C:\WINDOWS\system32\drivers\UevAgentDriver.sys [2016-07-16 40288]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CDPUserSvc_3390f;CDPUserSvc_3390f; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2016-11-28 42096]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2016-11-15 9728]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-08-01 1365048]
R2 OneSyncSvc_3390f;Hostitel synchronizace_3390f; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-11-05 417400]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 PimIndexMaintenanceSvc_3390f;Data kontaktů_3390f; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-12-20 1467168]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 UnistoreSvc_3390f;Úložiště uživatelských dat_3390f; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-13 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 93184]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-13 154440]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService_3390f;Služba zasílání zpráv_3390f; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-09-15 2889896]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-10-02 1312768]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-07-16 287744]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 UserDataSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-14001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2016-09-15 823136]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S4 UevAgentService;@%systemroot%\system32\AgentService.exe,-102; C:\WINDOWS\system32\AgentService.exe [2016-07-16 1227264]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC problem, slowdown

#8 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left pane:
:files
C:\Users\Paulie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

:commands
[Purity]
[EmptyTemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.

BL4zer
Visitor
Posts: 39
Joined: 01 Aug 2008 22:26

Re: PC problem, slowdown

#9 Post by BL4zer »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Paulie at 2017-01-10 18:46:18
Microsoft Windows 10 Pro
System drive C: has 95 GB (83%) free of 114 GB
Total RAM: 8174 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:46:19, on 10.01.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
D:\Paulie\Games\Steam\Steam.exe
D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\trend micro\Paulie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Paulie\Programy\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [Steam] "D:\Paulie\Games\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6808 bytes

======Listing Processes======








winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\DbxSvc.exe
"D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel

dashost.exe {1b9aceea-0718-4a22-990a8a7872edb040}

C:\WINDOWS\system32\wbem\wmiprvse.exe

sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"D:\Paulie\Games\Steam\Steam.exe" -silent
C:\WINDOWS\system32\AUDIODG.EXE 0x350
D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe "-cachedir=C:\Users\Paulie\AppData\Local\Steam\htmlcache" "-steampid=2148" "-buildid=1482202200" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write
D:\Paulie\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\Paulie\AppData\Local\Chromium\User Data\Crashpad" "--metrics-dir=C:\Users\Paulie\AppData\Local\Chromium\User Data" --annotation=channel= --annotation=plat=Win32 --annotation=prod= --annotation=ver=01.00.00.01-devel --handshake-handle=0x2dc
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 464 652 660 8192 656
"C:\Program Files\Windows Defender\\MpCmdRun.exe" SpyNetServiceDss -RestrictPrivileges -AccessKey E678397C-3FC8-87ED-E839-D88AD4D12E78 -Reinvoke
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Paulie\Desktop\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-07-13 1804416]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-10-02 631808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Paulie\Games\Steam\steam.exe [2016-12-20 2876704]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-11-15 9105112]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=D:\Paulie\Programy\PowerISO\PWRISOVM.EXE [2016-06-07 454792]
"H2O"=C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe [2005-05-11 200069]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-10 18:39:38 ----D---- C:\_OTM
2017-01-09 22:12:56 ----D---- C:\rsit
2017-01-09 22:12:56 ----D---- C:\Program Files\trend micro
2017-01-09 22:04:51 ----D---- C:\AdwCleaner
2017-01-09 21:15:36 ----D---- C:\FRST
2017-01-09 19:26:01 ----A---- C:\WINDOWS\SYSWOW64\drivers\synUSB64.sys
2017-01-09 19:26:00 ----A---- C:\WINDOWS\SYSWOW64\Synsopos.exe
2017-01-09 19:25:57 ----A---- C:\WINDOWS\SYSWOW64\SynsoLChk.dll
2017-01-09 19:25:57 ----A---- C:\WINDOWS\SYSWOW64\SYNSOACC.dll
2017-01-09 19:25:56 ----D---- C:\Program Files (x86)\Syncrosoft
2017-01-09 19:13:48 ----SHD---- C:\AppCache
2017-01-09 18:59:43 ----AD---- C:\Program Files (x86)\Lame For Audacity
2017-01-09 18:59:33 ----D---- C:\Users\Paulie\AppData\Roaming\WinRAR
2017-01-09 17:13:32 ----D---- C:\Users\Paulie\AppData\Roaming\Audacity
2016-12-17 21:23:57 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_39.dll
2016-12-17 21:23:57 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_39.dll
2016-12-17 21:23:57 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2016-12-17 21:23:57 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2016-12-17 21:23:56 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_39.dll
2016-12-17 21:23:56 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2016-12-14 19:00:55 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2016-12-14 19:00:55 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\system32\ole32.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\system32\msi.dll
2016-12-14 19:00:54 ----A---- C:\WINDOWS\system32\msdtctm.dll
2016-12-14 19:00:53 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2016-12-14 19:00:53 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-12-14 19:00:53 ----A---- C:\WINDOWS\system32\hvix64.exe
2016-12-14 19:00:53 ----A---- C:\WINDOWS\system32\hvax64.exe
2016-12-14 19:00:53 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\SYSWOW64\TextInputFramework.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\SYSWOW64\InputLocaleManager.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 19:00:52 ----A---- C:\WINDOWS\system32\hvloader.exe
2016-12-14 19:00:51 ----A---- C:\WINDOWS\SYSWOW64\WordBreakers.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\SYSWOW64\EditBufferTestHook.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 19:00:51 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 19:00:50 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 19:00:50 ----A---- C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 19:00:50 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 19:00:50 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 19:00:49 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 19:00:49 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 19:00:48 ----A---- C:\WINDOWS\system32\aadtb.dll
2016-12-14 19:00:48 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 19:00:47 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2016-12-14 19:00:46 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2016-12-14 19:00:46 ----A---- C:\WINDOWS\system32\InputService.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2016-12-14 19:00:45 ----A---- C:\WINDOWS\SYSWOW64\sspicli.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\ShareHost.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 19:00:45 ----A---- C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 19:00:44 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2016-12-14 19:00:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-12-14 19:00:44 ----A---- C:\WINDOWS\system32\win32k.sys
2016-12-14 19:00:44 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 19:00:43 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-12-14 19:00:43 ----A---- C:\WINDOWS\system32\user32.dll
2016-12-14 19:00:43 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-12-14 19:00:42 ----A---- C:\WINDOWS\system32\cdp.dll
2016-12-14 19:00:40 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2016-12-14 19:00:40 ----A---- C:\WINDOWS\system32\securekernel.exe
2016-12-14 19:00:40 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 19:00:39 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2016-12-14 19:00:39 ----A---- C:\WINDOWS\system32\gdi32full.dll
2016-12-14 19:00:39 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 19:00:38 ----A---- C:\WINDOWS\system32\winresume.exe
2016-12-14 19:00:38 ----A---- C:\WINDOWS\system32\winload.exe
2016-12-14 19:00:38 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 19:00:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-12-14 19:00:36 ----A---- C:\WINDOWS\system32\combase.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\wincorlib.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-12-14 19:00:35 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 19:00:34 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-12-14 19:00:34 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2016-12-14 19:00:34 ----A---- C:\WINDOWS\system32\bcrypt.dll
2016-12-14 19:00:33 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-12-14 19:00:33 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-12-14 19:00:33 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-12-14 19:00:33 ----A---- C:\WINDOWS\system32\fveapibase.dll
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\fveapi.dll
2016-12-14 19:00:32 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-12-14 19:00:31 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-12-14 19:00:30 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 19:00:30 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-12-14 19:00:30 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-12-14 19:00:30 ----A---- C:\WINDOWS\system32\cdd.dll
2016-12-14 19:00:29 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2016-12-14 19:00:29 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-12-14 19:00:28 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-12-14 19:00:27 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-12-14 19:00:27 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-12-14 19:00:27 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2016-12-14 19:00:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 19:00:25 ----A---- C:\WINDOWS\system32\sspicli.dll
2016-12-14 19:00:25 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 19:00:25 ----A---- C:\WINDOWS\system32\CryptoWinRT.dll

======List of files/folders modified in the last 1 month======

2017-01-10 18:46:15 ----D---- C:\WINDOWS\Temp
2017-01-10 18:45:04 ----D---- C:\WINDOWS\Prefetch
2017-01-10 18:44:22 ----D---- C:\ProgramData\NVIDIA
2017-01-10 18:43:58 ----D---- C:\WINDOWS\system32\sru
2017-01-10 18:41:10 ----D---- C:\WINDOWS\system32\catroot2
2017-01-10 18:36:52 ----D---- C:\WINDOWS\system32\SleepStudy
2017-01-10 18:10:47 ----RD---- C:\WINDOWS\Microsoft.NET
2017-01-10 17:30:01 ----HD---- C:\Program Files\WindowsApps
2017-01-10 17:30:01 ----D---- C:\WINDOWS\AppReadiness
2017-01-09 22:14:34 ----D---- C:\WINDOWS\System32
2017-01-09 22:14:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-09 22:12:56 ----RD---- C:\Program Files
2017-01-09 22:06:56 ----D---- C:\WINDOWS\system32\Tasks
2017-01-09 22:06:54 ----D---- C:\Windows
2017-01-09 21:08:25 ----HD---- C:\ProgramData
2017-01-09 20:02:39 ----SHDC---- C:\WINDOWS\Installer
2017-01-09 20:02:39 ----SD---- C:\Users\Paulie\AppData\Roaming\Microsoft
2017-01-09 19:26:05 ----D---- C:\WINDOWS\SysWOW64
2017-01-09 19:26:01 ----D---- C:\WINDOWS\SYSWOW64\drivers
2017-01-09 19:26:01 ----D---- C:\WINDOWS\INF
2017-01-09 19:25:56 ----RD---- C:\Program Files (x86)
2017-01-04 18:45:53 ----D---- C:\WINDOWS\LiveKernelReports
2016-12-27 17:56:33 ----D---- C:\WINDOWS\system32\config
2016-12-18 13:21:14 ----D---- C:\Program Files (x86)\Battle.net
2016-12-17 21:23:42 ----RSD---- C:\WINDOWS\assembly
2016-12-17 15:40:10 ----D---- C:\WINDOWS\Tasks
2016-12-15 16:59:07 ----D---- C:\WINDOWS\rescache
2016-12-15 16:45:25 ----D---- C:\WINDOWS\WinSxS
2016-12-14 20:06:39 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-12-14 20:06:39 ----D---- C:\WINDOWS\system32\en-US
2016-12-14 20:06:39 ----D---- C:\WINDOWS\system32\drivers
2016-12-14 20:06:39 ----D---- C:\WINDOWS\system32\Boot
2016-12-14 20:06:39 ----D---- C:\WINDOWS\ShellExperiences
2016-12-14 20:06:39 ----D---- C:\WINDOWS\AppPatch
2016-12-14 20:06:38 ----D---- C:\WINDOWS\system32\DriverStore
2016-12-14 19:47:16 ----D---- C:\WINDOWS\CbsTemp
2016-12-14 19:44:04 ----D---- C:\WINDOWS\system32\MRT
2016-12-14 19:43:02 ----AC---- C:\WINDOWS\system32\MRT.exe
2016-12-12 00:56:25 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 8192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2016-05-25 137280]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 48128]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 78336]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\System32\drivers\L1C63x64.sys [2016-07-16 121344]
R3 MTsensor;@oem3.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2016-07-13 17280]
R3 NVHDA;@oem8.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-08-26 240704]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_9ff5ab165faead52\nvlddmkm.sys [2016-08-26 13754936]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 105824]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 101216]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 58720]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 61792]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 32096]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2016-09-15 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2016-07-16 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2016-07-16 141152]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 38912]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-09-10 118272]
S3 dbx;dbx; C:\WINDOWS\system32\DRIVERS\dbx.sys []
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 20480]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 50016]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-10-02 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-07-16 176384]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2016-07-16 526176]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-07-16 842584]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2016-07-16 179040]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2016-07-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2016-07-16 928608]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-07-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-07-16 50688]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2016-07-16 45568]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2016-07-16 263008]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-07-16 96608]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-07-16 137056]
S3 UrsCx01000;USB Role-Switch Support Library; C:\WINDOWS\system32\drivers\urscx01000.sys [2016-07-16 57696]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urschipidea.sys [2016-07-16 28512]
S3 UrsSynopsys;@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-07-16 27488]
S3 usbser;@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver; C:\WINDOWS\System32\drivers\usbser.sys [2016-07-16 69120]
S4 UevAgentDriver;@%systemroot%\system32\drivers\UevAgentDriver.sys,-101; C:\WINDOWS\system32\drivers\UevAgentDriver.sys [2016-07-16 40288]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CDPUserSvc_34078;CDPUserSvc_34078; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2016-11-28 42096]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2016-11-15 9728]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-08-01 1365048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-11-05 417400]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-12-20 1467168]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-13 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 OneSyncSvc_34078;Hostitel synchronizace_34078; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 93184]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-13 154440]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService_34078;Služba zasílání zpráv_34078; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc_34078;Data kontaktů_34078; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-09-15 2889896]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-10-02 1312768]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-07-16 287744]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 UnistoreSvc_34078;Úložiště uživatelských dat_34078; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 UserDataSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-14001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2016-09-15 823136]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S4 UevAgentService;@%systemroot%\system32\AgentService.exe,-102; C:\WINDOWS\system32\AgentService.exe [2016-07-16 1227264]

-----------------EOF-----------------

Re: PC problem, slowdown

#10 Post by Rudy »

Deleted. Has anything changed?

Re: PC problem, slowdown

#11 Post by BL4zer »

At startup some cledx.exe error still pops up, and in Task Manager after startup there is still some COM Surrogate and one completely empty entry that sometimes takes up to 90% of the CPU :/

Re: PC problem, slowdown

#12 Post by Rudy »

Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: PC problem, slowdown

#13 Post by BL4zer »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 10.01.17
Čas skenování: 22:12
Logovací soubor: logmalware.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.972
Licence: Zkušební

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: PAULIE-PC\Paulie

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 378896
Uplynulý čas: 0 min, 51 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 2
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Žádná uživatelská akce, [1317], [327205],1.0.972
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Žádná uživatelská akce, [1317], [327206],1.0.972

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: PC problem, slowdown

#14 Post by Rudy »

Delete all MBAM findings.

Re: PC problem, slowdown

#15 Post by BL4zer »

Both problems were moved to quarantine and then deleted. After the restart, the Cledx.exe error appeared again.

Locked