USB disk - soubory i složky jsou zástupci

Zpráva

Murdoc · #1 Příspěvek od **Murdoc** » 03 bře 2017 18:49

Dobrý den

poprosil bych pomoc s odstraněním havěti z USB klíčenek. Už jsem s tím kdysi měl tu čest - ze všech souborů a složek jsou najednou zástupci.

díky předem, přikládám log

Logfile of random's system information tool 1.15 (written by random/random)
Run by bizap at 2017-03-03 18:45:37
Microsoft Windows 10 Pro
System drive C: has 53 GB (53%) free of 99 GB
Total RAM: 4094 MB (28% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:45:49, on 03.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
C:\Users\bizap\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe
C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\bizap\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe
C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Program Files\trend micro\bizap_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\bizap\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9865 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\system32\AUDIODG.EXE 0x53c
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\System32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\WINDOWS\SYSWOW64\WSCRIPT.EXE" "C:\Users\bizap\AppData\Roaming\MICROSOFT\Microsoft Office 2013 Activator.vbs"
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Users\bizap\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
"C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe" uTorrent_9712_037F1D68_1648437776 µTorrent4823DF041B09 uTorrent
"C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe" uTorrent_9712_037F28B0_1127139810 µTorrent4823DF041B09 uTorrent
"C:\Users\bizap\AppData\Roaming\Spotify\SpotifyCrashService.exe"
"C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --channel="5484.0.268130515\1723830329" --mojo-application-channel-token=1F29DC1BEBE26248D73F37A1609CCA0C --no-sandbox --disable-d3d11 --enable-crash-reporter --lang=en-US --log-file="C:\Users\bizap\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.49.125 --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,14,18,31,56,70 --gpu-vendor-id=0x10de --gpu-device-id=0x0e22 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7653 --gpu-driver-date=12-29-2016 --enable-crash-reporter --lang=en-US --log-file="C:\Users\bizap\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.49.125 --mojo-platform-channel-handle=1592 /prefetch:2
"C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE" -Embedding
"C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --disable-pinch --no-sandbox --primordial-pipe-token=F0F27453973184F52E2755814A7FE2D5 --lang=en-US --enable-crash-reporter --lang=en-US --log-file="C:\Users\bizap\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.49.125 --disable-extensions --disable-spell-checking --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=F63141F0E3F1C77BC4EDBA5C3A3AB66A --mojo-application-channel-token=F0F27453973184F52E2755814A7FE2D5 --channel="5484.1.409239315\1980842903" --mojo-platform-channel-handle=2588 /prefetch:1
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe"
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\bizap\AppData\Local\Chromium\User Data\Crashpad" "--metrics-dir=C:\Users\bizap\AppData\Local\Chromium\User Data" --annotation=channel= --annotation=plat=Win32 --annotation=prod=Vivaldi --annotation=ver=1.7.735.46 --initial-client-data=0x1c0,0x1c4,0x1c8,0x1bc,0x1cc,0x730b6294,0x730b62a4,0x730b62b4
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=gpu-process --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,19,20,23,40,71 --gpu-vendor-id=0x10de --gpu-device-id=0x0e22 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7653 --gpu-driver-date=12-29-2016 --service-request-channel-token=EE4FF8B06AA8BC3ECEC1C74758457A67 --mojo-platform-channel-handle=1284 --ignored=" --type=renderer " /prefetch:2
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=FEBDBBE3ED482C51D1CD9EEF9A80005A --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=FEBDBBE3ED482C51D1CD9EEF9A80005A --renderer-client-id=8 --running-vivaldi --mojo-platform-channel-handle=2244 /prefetch:1
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=A95EC9E657765FB5D4BC9AEFFC8C9952 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=A95EC9E657765FB5D4BC9AEFFC8C9952 --renderer-client-id=15 --running-vivaldi --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files\Windows Defender\MpCmdRun.exe
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=42BED64867C3B1748BB01EA9CA620F38 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=42BED64867C3B1748BB01EA9CA620F38 --renderer-client-id=17 --running-vivaldi --mojo-platform-channel-handle=5980 /prefetch:1
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=9CC53AF8A67B21BF4E6A70DE064535B4 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=9CC53AF8A67B21BF4E6A70DE064535B4 --renderer-client-id=9 --running-vivaldi --mojo-platform-channel-handle=8644 /prefetch:1
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=4B14C216552B2459CE1C86FC9EB99821 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=4B14C216552B2459CE1C86FC9EB99821 --renderer-client-id=22 --running-vivaldi --mojo-platform-channel-handle=8744 /prefetch:1
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=3F0B728887BD9612BAAE24C5E64531A0 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=3F0B728887BD9612BAAE24C5E64531A0 --renderer-client-id=25 --running-vivaldi --mojo-platform-channel-handle=8824 /prefetch:1
C:\WINDOWS\System32\taskhostw.exe
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=AA987A4B5EA134645AD9C2B825FC5E1C --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=AA987A4B5EA134645AD9C2B825FC5E1C --renderer-client-id=26 --running-vivaldi --mojo-platform-channel-handle=5036 /prefetch:1
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=382BF6AFCC72E50C92A4E6D134CE113C --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=382BF6AFCC72E50C92A4E6D134CE113C --renderer-client-id=27 --running-vivaldi --mojo-platform-channel-handle=3364 /prefetch:1
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6143be82-1ff2-4cb4-a9a4-d26fac7f9049 -SystemEventPortName:HostProcess-02e7e62e-34a6-455c-b993-340eade42676 -IoCancelEventPortName:HostProcess-fd80104d-79a0-4e62-8324-4904322140b3 -NonStateChangingEventPortName:HostProcess-a2d322e7-ff45-4d1e-816b-afd798170938 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:73efaa40-6fc3-4204-a0cb-8d1b0eb8673a -DeviceGroupId:WpdFsGroup
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=49429E78E3B1A0233C12F109C23F552B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=49429E78E3B1A0233C12F109C23F552B --renderer-client-id=29 --running-vivaldi --mojo-platform-channel-handle=7692 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe26_ Global\UsGthrCtrlFltPipeMssGthrPipe26 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 648 652 660 8192 656
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{133EAC4F-5891-4D04-BADA-D84870380A80}
"C:\Users\bizap\Downloads\RSITx64.exe"

====== Scheduled tasks folder ======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe -check pepperplugin
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe -check pepperplugin
C:\WINDOWS\system32\tasks\DropboxUpdateTaskMachineCore - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\system32\tasks\DropboxUpdateTaskMachineUA - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task - C:\Users\bizap\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\WindowsUpda2ta - C:\Users\bizap\AppData\Roaming\MICROSOFT\Microsoft Office 2013 Activator.vbs
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload

=========Google Chrome=========

C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.8.8
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage:
default_search_provider.search_url:
C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

======Registry dump ======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13 229064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2016-11-15 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13 163528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2016-11-15 1743664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-07-13 1795728]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-11-26 631808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\bizap\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-02-23 1518304]
"Spotify Web Helper"=C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-02-20 1446000]
"Spotify"=C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe [2017-02-20 7067760]
"uTorrent"=C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe [2017-02-11 2400960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2017-02-21 26781320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=lvcod64.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-03-03 18:45:38 ----D---- C:\Program Files\trend micro
2017-03-03 18:45:37 ----D---- C:\rsit
2017-03-03 16:40:31 ----HD---- C:\OneDriveTemp
2017-02-21 19:49:04 ----A---- C:\WINDOWS\system32\drivers\dbx-dev.sys
2017-02-21 19:49:04 ----A---- C:\WINDOWS\system32\drivers\dbx-canary.sys
2017-02-15 09:22:05 ----SHD---- C:\Config.Msi
2017-02-13 08:40:47 ----SHD---- C:\found.000
2017-02-11 10:35:52 ----HD---- C:\$Windows.~WS
2017-02-11 10:27:55 ----D---- C:\Users\bizap\AppData\Roaming\Ashampoo
2017-02-11 10:27:48 ----AD---- C:\ProgramData\Ashampoo
2017-02-11 10:27:40 ----D---- C:\Program Files (x86)\Ashampoo
2017-02-11 09:56:59 ----D---- C:\Users\bizap\AppData\Roaming\uTorrent
2017-02-11 09:33:39 ----D---- C:\ESD
2017-02-11 09:12:53 ----D---- C:\$WINDOWS.~BT
2017-02-10 09:16:44 ----A---- C:\WINDOWS\SYSWOW64\nvStreaming.exe
2017-02-10 09:16:42 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo.exe
2017-02-10 09:16:42 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1.dll
2017-02-10 09:16:42 ----A---- C:\WINDOWS\system32\vulkaninfo.exe
2017-02-10 09:16:42 ----A---- C:\WINDOWS\system32\vulkan-1.dll
2017-02-10 09:16:41 ----D---- C:\Program Files (x86)\VulkanRT
2017-02-10 09:16:12 ----A---- C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 09:16:08 ----A---- C:\WINDOWS\system32\OpenCL.dll
2017-02-09 09:33:38 ----A---- C:\WINDOWS\system32\drivers\dbx-stable.sys
2017-02-09 09:33:38 ----A---- C:\WINDOWS\system32\DbxSvc.exe

====== List of files/folders modified in the last 1 month ======

2017-03-03 18:45:38 ----RD---- C:\Program Files
2017-03-03 18:45:35 ----D---- C:\Users\bizap\AppData\Roaming\Spotify
2017-03-03 18:45:33 ----D---- C:\WINDOWS\Prefetch
2017-03-03 18:42:00 ----D---- C:\WINDOWS\system32\sru
2017-03-03 18:36:58 ----D---- C:\WINDOWS\Temp
2017-03-03 18:36:08 ----D---- C:\WINDOWS\system32\SleepStudy
2017-03-03 16:56:20 ----D---- C:\WINDOWS\system32\config
2017-03-03 16:51:19 ----RD---- C:\WINDOWS\Microsoft.NET
2017-03-03 08:16:26 ----HD---- C:\Program Files\WindowsApps
2017-03-03 08:16:26 ----D---- C:\WINDOWS\AppReadiness
2017-02-28 08:11:38 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2017-02-28 08:07:44 ----D---- C:\Program Files (x86)\Dropbox
2017-02-28 08:07:26 ----D---- C:\WINDOWS\system32\drivers
2017-02-28 08:07:26 ----D---- C:\WINDOWS\System32
2017-02-25 08:40:35 ----D---- C:\WINDOWS\WinSxS
2017-02-25 08:39:28 ----D---- C:\WINDOWS\system32\catroot2
2017-02-24 12:30:46 ----D---- C:\Windows
2017-02-24 12:30:37 ----D---- C:\ProgramData\NVIDIA
2017-02-23 14:44:33 ----D---- C:\WINDOWS\SysWOW64
2017-02-23 14:27:28 ----D---- C:\WINDOWS\CbsTemp
2017-02-23 14:26:54 ----D---- C:\WINDOWS\system32\MRT
2017-02-23 14:21:45 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-02-23 13:51:30 ----D---- C:\WINDOWS\system32\Tasks
2017-02-17 20:44:28 ----HD---- C:\ProgramData
2017-02-17 20:36:17 ----SHD---- C:\System Volume Information
2017-02-15 09:23:31 ----SHDC---- C:\WINDOWS\Installer
2017-02-15 09:23:11 ----D---- C:\ProgramData\Microsoft Help
2017-02-15 09:22:56 ----RD---- C:\WINDOWS\assembly
2017-02-11 21:22:37 ----D---- C:\Users\bizap\AppData\Roaming\vlc
2017-02-11 19:41:32 ----D---- C:\WINDOWS\LiveKernelReports
2017-02-11 19:41:31 ----D---- C:\WINDOWS\INF
2017-02-11 12:25:45 ----DC---- C:\WINDOWS\Panther
2017-02-11 10:27:40 ----RD---- C:\Program Files (x86)
2017-02-11 09:56:37 ----SD---- C:\Users\bizap\AppData\Roaming\Microsoft
2017-02-11 09:12:49 ----D---- C:\WINDOWS\Logs
2017-02-10 09:17:18 ----D---- C:\ProgramData\NVIDIA Corporation
2017-02-10 09:16:12 ----D---- C:\Program Files\NVIDIA Corporation
2017-02-10 09:16:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 09:15:06 ----D---- C:\WINDOWS\system32\DriverStore
2017-02-10 09:15:05 ----D---- C:\WINDOWS\system32\CatRoot
2017-02-06 20:48:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-26 48992]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 lvpepf64;@oem11.inf,%pepifilter.SrvDesc%;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 lvrs64;@oem11.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]
R3 NVHDA;@oem18.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2017-01-04 221640]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [2017-01-04 14199224]
R3 PID_PEPI;@oem5.inf,%PID_08A0_DD%(PID_PEPI);Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V64.SYS [2008-07-26 2624408]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Ovladač zvuků USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2016-07-16 132096]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-26 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2016-11-26 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2016-07-16 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2016-07-16 141152]
S3 dbx;dbx; C:\WINDOWS\system32\DRIVERS\dbx.sys []
S3 dg_ssudbus;@oem4.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2016-08-06 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2016-08-06 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2016-08-06 30528]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-11-26 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2016-07-16 179040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 ssudmdm;@oem7.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\WINDOWS\system32\drivers\tsusbhub.sys [2016-07-16 123392]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S4 UevAgentDriver;@%systemroot%\system32\drivers\UevAgentDriver.sys,-101; C:\WINDOWS\system32\drivers\UevAgentDriver.sys [2016-07-16 40288]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 CDPUserSvc_28834f4;CDPUserSvc_28834f4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2017-02-09 46408]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-29 458176]
R2 OneSyncSvc_28834f4;Hostitel synchronizace_28834f4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 PimIndexMaintenanceSvc_28834f4;Data kontaktů_28834f4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
R3 UnistoreSvc_28834f4;Úložiště uživatelských dat_28834f4; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-19 143144]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-19 143144]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_28834f4;Služba zasílání zpráv_28834f4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-11-26 2889896]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2016-12-14 822624]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll
S4 UevAgentService;@%systemroot%\system32\AgentService.exe,-102; C:\WINDOWS\system32\AgentService.exe [2016-07-16 1227264]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 03 bře 2017 19:36

Zdravím!
USB připojte a pusťte na něj USBFix: http://www.stahuj.centrum.cz/utility_a_ ... ve/usbfix/ . Po skenu smažte vše, co najde. Pak na PC spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Murdoc · #3 Příspěvek od **Murdoc** » 03 bře 2017 21:34

USB Fix - promazáno

AdwCleaner log

# AdwCleaner v6.044 - Log vytvořen 03/03/2017 v 21:25:25
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-02.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : bizap - DESKTOP-4AOMQ6O
# Spuštěno z : C:\Users\bizap\Downloads\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support

***** [ Služby ] *****

***** [ Složky ] *****

***** [ Soubory ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úlohy ] *****

***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1

***** [ Prohlížeče ] *****

[-] [C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: zsmutenice.cz

*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1021 Bajty] - [03/03/2017 21:25:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [1462 Bajty] - [03/03/2017 21:24:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1167 Bajty] ##########

#4 Příspěvek od **Rudy** » 03 bře 2017 22:02

Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Murdoc · #5 Příspěvek od **Murdoc** » 03 bře 2017 22:42

Logfile of random's system information tool 1.15 (written by random/random)
Run by bizap at 2017-03-03 22:38:52
Microsoft Windows 10 Pro
System drive C: has 53 GB (53%) free of 99 GB
Total RAM: 4094 MB (51% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:38:55, on 03.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\bizap\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe
C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\bizap\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe
C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack\ArchiCAD 20 Build 4012 CZE+Add-ons+Crack\1.ArchiCAD 20 CZE\Setup.exe
E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack\ArchiCAD 20 Build 4012 CZE+Add-ons+Crack\1.ArchiCAD 20 CZE\ARCHICAD 20\Setup.exe
E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack\ArchiCAD 20 Build 4012 CZE+Add-ons+Crack\1.ArchiCAD 20 CZE\ARCHICAD 20\archive.exe
C:\Program Files (x86)\Java\jre1.8.0_72\bin\javaw.exe
C:\Program Files\trend micro\bizap_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_72\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_72\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\bizap\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10228 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7c2ebdd3-7e24-4dfb-928e-e550ec130c51 -SystemEventPortName:HostProcess-61ce528e-5dfb-43bf-b5fb-108d8da1a9ac -IoCancelEventPortName:HostProcess-91694f5d-a435-4b2e-a58c-6f92d3532be9 -NonStateChangingEventPortName:HostProcess-fc7281a5-7d96-4303-a6d4-18f101e29d95 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c5d20343-1f4f-4946-aeaf-acc59facd322 -DeviceGroupId:WpdFsGroup
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Users\bizap\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
"C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe" uTorrent_6004_00B14518_1934561006 µTorrent4823DF041B09 uTorrent
"C:\Users\bizap\AppData\Roaming\Spotify\SpotifyCrashService.exe"
"C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe" uTorrent_6004_03EF5058_12509507 µTorrent4823DF041B09 uTorrent
"C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --channel="5996.0.1278473652\55876529" --mojo-application-channel-token=BEFF118C1341F528AB09E712A19D76A8 --no-sandbox --disable-d3d11 --enable-crash-reporter --lang=en-US --log-file="C:\Users\bizap\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.49.125 --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,14,18,31,56,70 --gpu-vendor-id=0x10de --gpu-device-id=0x0e22 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7653 --gpu-driver-date=12-29-2016 --enable-crash-reporter --lang=en-US --log-file="C:\Users\bizap\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.49.125 --mojo-platform-channel-handle=1588 /prefetch:2
"C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE" -Embedding
"C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --disable-pinch --no-sandbox --primordial-pipe-token=EF6E23CA0EC502FD92B9966A79724528 --lang=en-US --enable-crash-reporter --lang=en-US --log-file="C:\Users\bizap\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.49.125 --disable-extensions --disable-spell-checking --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=1B67A83120A8B05831CD81840400E465 --mojo-application-channel-token=EF6E23CA0EC502FD92B9966A79724528 --channel="5996.1.1339049617\890557414" --mojo-platform-channel-handle=1708 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe"
C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\bizap\AppData\Local\Chromium\User Data\Crashpad" "--metrics-dir=C:\Users\bizap\AppData\Local\Chromium\User Data" --annotation=channel= --annotation=plat=Win32 --annotation=prod=Vivaldi --annotation=ver=1.7.735.46 --initial-client-data=0x1e8,0x1ec,0x1f0,0x1e4,0x1f4,0x5bf86294,0x5bf862a4,0x5bf862b4
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=gpu-process --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,19,20,23,40,71 --gpu-vendor-id=0x10de --gpu-device-id=0x0e22 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7653 --gpu-driver-date=12-29-2016 --service-request-channel-token=C99F34E3D81C1CD119DF63DAA4A097FE --mojo-platform-channel-handle=1284 --ignored=" --type=renderer " /prefetch:2
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=3BD9D3051240DDDC7225D37B579E8BF9 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=3BD9D3051240DDDC7225D37B579E8BF9 --renderer-client-id=8 --running-vivaldi --mojo-platform-channel-handle=2208 /prefetch:1
"C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --enable-blink-features=ResizeObserver --disable-features=MetricsReporting<MetricsAndCrashSampling --force-fieldtrials=MetricsAndCrashSampling/OutOfReportingSample/ --primordial-pipe-token=119873FCB84E5F43C50050C5286DDF35 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_23_0_0_205.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=119873FCB84E5F43C50050C5286DDF35 --renderer-client-id=15 --running-vivaldi --mojo-platform-channel-handle=4104 /prefetch:1
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WinRAR\WinRAR.exe" "E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack.zip"
"C:\WINDOWS\system32\NOTEPAD.EXE" E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack\ArchiCAD 20 Build 4012 CZE+Add-ons+Crack\Navod-cti_me.txt
"E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack\ArchiCAD 20 Build 4012 CZE+Add-ons+Crack\1.ArchiCAD 20 CZE\Setup.exe"
C:\WINDOWS\splwow64.exe 12288
"E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack\ArchiCAD 20 Build 4012 CZE+Add-ons+Crack\1.ArchiCAD 20 CZE\ARCHICAD 20\Setup.exe"
"E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack\ArchiCAD 20 Build 4012 CZE+Add-ons+Crack\1.ArchiCAD 20 CZE\ARCHICAD 20\archive.exe"
"C:\Program Files (x86)\Java\jre1.8.0_72\bin\javaw.exe" -splash:"E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack\ArchiCAD 20 Build 4012 CZE+Add-ons+Crack\1.ArchiCAD 20 CZE\ARCHICAD 20\archive.gif" -Duser.language=cs -jar "E:\PROGRAMY\ArchiCAD-20-Build-4012-CZE+Add-ons+Crack\ArchiCAD 20 Build 4012 CZE+Add-ons+Crack\1.ArchiCAD 20 CZE\ARCHICAD 20\archive.jar"
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\WINDOWS\system32\AUDIODG.EXE 0x3bc
"C:\Users\bizap\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe -check pepperplugin
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe -check pepperplugin
C:\WINDOWS\system32\tasks\DropboxUpdateTaskMachineCore - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\system32\tasks\DropboxUpdateTaskMachineUA - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task - C:\Users\bizap\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\WindowsUpda2ta - C:\Users\bizap\AppData\Roaming\MICROSOFT\Microsoft Office 2013 Activator.vbs
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload

=========Google Chrome=========

C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.8.8
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage:
default_search_provider.search_url:
C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

======Registry dump ======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13 229064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2016-11-15 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13 163528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_72\bin\ssv.dll [2017-03-03 462432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2016-11-15 1743664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_72\bin\jp2ssv.dll [2017-03-03 173152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-07-13 1795728]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-11-26 631808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\bizap\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-02-23 1518304]
"Spotify Web Helper"=C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-02-20 1446000]
"Spotify"=C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe [2017-02-20 7067760]
"uTorrent"=C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe [2017-02-11 2400960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2017-02-21 26781320]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-12-22 597040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=lvcod64.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-03-03 21:37:46 ----D---- C:\Users\bizap\AppData\Roaming\Install.GS
2017-03-03 21:37:31 ----D---- C:\Users\bizap\AppData\Roaming\Sun
2017-03-03 21:37:28 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2017-03-03 21:37:16 ----D---- C:\ProgramData\Oracle
2017-03-03 21:37:14 ----D---- C:\Program Files (x86)\Java
2017-03-03 21:23:09 ----D---- C:\AdwCleaner
2017-03-03 19:41:57 ----D---- C:\UsbFix
2017-03-03 18:45:38 ----D---- C:\Program Files\trend micro
2017-03-03 18:45:37 ----D---- C:\rsit
2017-03-03 16:40:31 ----HD---- C:\OneDriveTemp
2017-02-21 19:49:04 ----A---- C:\WINDOWS\system32\drivers\dbx-dev.sys
2017-02-21 19:49:04 ----A---- C:\WINDOWS\system32\drivers\dbx-canary.sys
2017-02-13 08:40:47 ----SHD---- C:\found.000
2017-02-11 10:35:52 ----D---- C:\$Windows.~WS
2017-02-11 10:27:55 ----D---- C:\Users\bizap\AppData\Roaming\Ashampoo
2017-02-11 10:27:48 ----AD---- C:\ProgramData\Ashampoo
2017-02-11 10:27:40 ----D---- C:\Program Files (x86)\Ashampoo
2017-02-11 09:56:59 ----D---- C:\Users\bizap\AppData\Roaming\uTorrent
2017-02-11 09:33:39 ----D---- C:\ESD
2017-02-11 09:12:53 ----D---- C:\$WINDOWS.~BT
2017-02-10 09:16:44 ----A---- C:\WINDOWS\SYSWOW64\nvStreaming.exe
2017-02-10 09:16:42 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo.exe
2017-02-10 09:16:42 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1.dll
2017-02-10 09:16:42 ----A---- C:\WINDOWS\system32\vulkaninfo.exe
2017-02-10 09:16:42 ----A---- C:\WINDOWS\system32\vulkan-1.dll
2017-02-10 09:16:41 ----D---- C:\Program Files (x86)\VulkanRT
2017-02-10 09:16:12 ----A---- C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 09:16:08 ----A---- C:\WINDOWS\system32\OpenCL.dll
2017-02-09 09:33:38 ----A---- C:\WINDOWS\system32\drivers\dbx-stable.sys
2017-02-09 09:33:38 ----A---- C:\WINDOWS\system32\DbxSvc.exe

====== List of files/folders modified in the last 1 month ======

2017-03-03 22:38:55 ----D---- C:\WINDOWS\Prefetch
2017-03-03 22:36:02 ----D---- C:\WINDOWS\Temp
2017-03-03 22:36:02 ----D---- C:\WINDOWS\system32\SleepStudy
2017-03-03 22:27:00 ----D---- C:\WINDOWS\system32\sru
2017-03-03 21:37:45 ----D---- C:\Windows
2017-03-03 21:37:36 ----SHDC---- C:\WINDOWS\Installer
2017-03-03 21:37:35 ----D---- C:\Program Files (x86)\Common Files
2017-03-03 21:37:28 ----D---- C:\WINDOWS\SysWOW64
2017-03-03 21:37:16 ----HD---- C:\ProgramData
2017-03-03 21:37:14 ----RD---- C:\Program Files (x86)
2017-03-03 21:28:22 ----D---- C:\Users\bizap\AppData\Roaming\Spotify
2017-03-03 21:26:26 ----D---- C:\ProgramData\NVIDIA
2017-03-03 21:25:42 ----D---- C:\WINDOWS\system32\catroot2
2017-03-03 21:18:29 ----SD---- C:\Users\bizap\AppData\Roaming\Microsoft
2017-03-03 18:45:38 ----RD---- C:\Program Files
2017-03-03 16:56:20 ----D---- C:\WINDOWS\system32\config
2017-03-03 16:51:19 ----RD---- C:\WINDOWS\Microsoft.NET
2017-03-03 08:16:26 ----HD---- C:\Program Files\WindowsApps
2017-03-03 08:16:26 ----D---- C:\WINDOWS\AppReadiness
2017-02-28 08:11:38 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2017-02-28 08:07:44 ----D---- C:\Program Files (x86)\Dropbox
2017-02-28 08:07:26 ----D---- C:\WINDOWS\system32\drivers
2017-02-28 08:07:26 ----D---- C:\WINDOWS\System32
2017-02-25 08:40:35 ----D---- C:\WINDOWS\WinSxS
2017-02-23 14:27:28 ----D---- C:\WINDOWS\CbsTemp
2017-02-23 14:26:54 ----D---- C:\WINDOWS\system32\MRT
2017-02-23 14:21:45 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-02-23 13:51:30 ----D---- C:\WINDOWS\system32\Tasks
2017-02-17 20:36:17 ----SHD---- C:\System Volume Information
2017-02-15 09:23:11 ----D---- C:\ProgramData\Microsoft Help
2017-02-15 09:22:56 ----RD---- C:\WINDOWS\assembly
2017-02-11 21:22:37 ----D---- C:\Users\bizap\AppData\Roaming\vlc
2017-02-11 19:41:32 ----D---- C:\WINDOWS\LiveKernelReports
2017-02-11 19:41:31 ----D---- C:\WINDOWS\INF
2017-02-11 12:25:45 ----DC---- C:\WINDOWS\Panther
2017-02-11 09:12:49 ----D---- C:\WINDOWS\Logs
2017-02-10 09:17:18 ----D---- C:\ProgramData\NVIDIA Corporation
2017-02-10 09:16:12 ----D---- C:\Program Files\NVIDIA Corporation
2017-02-10 09:16:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 09:15:06 ----D---- C:\WINDOWS\system32\DriverStore
2017-02-10 09:15:05 ----D---- C:\WINDOWS\system32\CatRoot
2017-02-06 20:48:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-26 48992]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 lvpepf64;@oem11.inf,%pepifilter.SrvDesc%;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 lvrs64;@oem11.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]
R3 NVHDA;@oem18.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2017-01-04 221640]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [2017-01-04 14199224]
R3 PID_PEPI;@oem5.inf,%PID_08A0_DD%(PID_PEPI);Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V64.SYS [2008-07-26 2624408]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Ovladač zvuků USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2016-07-16 132096]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-26 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2016-11-26 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2016-07-16 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2016-07-16 141152]
S3 dbx;dbx; C:\WINDOWS\system32\DRIVERS\dbx.sys []
S3 dg_ssudbus;@oem4.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2016-08-06 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2016-08-06 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2016-08-06 30528]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-11-26 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2016-07-16 179040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 ssudmdm;@oem7.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\WINDOWS\system32\drivers\tsusbhub.sys [2016-07-16 123392]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S4 UevAgentDriver;@%systemroot%\system32\drivers\UevAgentDriver.sys,-101; C:\WINDOWS\system32\drivers\UevAgentDriver.sys [2016-07-16 40288]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 CDPUserSvc_2b978;CDPUserSvc_2b978; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2017-02-09 46408]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-29 458176]
R2 OneSyncSvc_2b978;Hostitel synchronizace_2b978; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 PimIndexMaintenanceSvc_2b978;Data kontaktů_2b978; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
R3 UnistoreSvc_2b978;Úložiště uživatelských dat_2b978; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-19 143144]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-19 143144]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_2b978;Služba zasílání zpráv_2b978; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-11-26 2889896]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2016-12-14 822624]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll
S4 UevAgentService;@%systemroot%\system32\AgentService.exe,-102; C:\WINDOWS\system32\AgentService.exe [2016-07-16 1227264]

-----------------EOF-----------------

#6 Příspěvek od **Rudy** » 04 bře 2017 11:38

Rudy píše:Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Toto je RSIT a já potřebuji FRST. V desítkách není možné mazat z RSIT z důvodu možného poškození systému.

Murdoc · #7 Příspěvek od **Murdoc** » 05 bře 2017 10:50

pardon moje chyba

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-03-2017
Ran by bizap (administrator) on DESKTOP-4AOMQ6O (05-03-2017 10:38:58)
Running from C:\Users\bizap\Downloads
Loaded Profiles: bizap (Available Profiles: bizap)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Spotify Ltd) C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe
(BitTorrent Inc.) C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Spotify Ltd) C:\Users\bizap\AppData\Roaming\Spotify\SpotifyCrashService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(BitTorrent Inc.) C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\bizap\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Spotify Ltd) C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\SilverFast Application\SilverFast 8\SilverFast 8.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\bizap\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-13] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-2172335363-1738720639-4197107604-1001\...\Run: [Spotify Web Helper] => C:\Users\bizap\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-20] (Spotify Ltd)
HKU\S-1-5-21-2172335363-1738720639-4197107604-1001\...\Run: [Spotify] => C:\Users\bizap\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-20] (Spotify Ltd)
HKU\S-1-5-21-2172335363-1738720639-4197107604-1001\...\Run: [uTorrent] => C:\Users\bizap\AppData\Roaming\uTorrent\uTorrent.exe [2400960 2017-02-11] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4acbb484-df25-4f2b-a597-82972aebd1e6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\ssv.dll [2017-03-03] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\jp2ssv.dll [2017-03-03] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-08-16] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2017-03-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2017-03-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/"
CHR Profile: C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Prezentace Google) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-31]
CHR Extension: (Dokumenty Google) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-31]
CHR Extension: (Disk Google) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-31]
CHR Extension: (YouTube) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-31]
CHR Extension: (Tabulky Google) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-31]
CHR Extension: (AdBlock) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Gmail) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-31]
CHR Extension: (Chrome Media Router) - C:\Users\bizap\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-08-06] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 10:38 - 2017-03-05 10:39 - 00016775 _____ C:\Users\bizap\Downloads\FRST.txt
2017-03-05 10:38 - 2017-03-05 10:38 - 00000000 ____D C:\FRST
2017-03-05 10:30 - 2017-03-05 10:30 - 02423296 _____ (Farbar) C:\Users\bizap\Downloads\FRST64.exe
2017-03-04 07:44 - 2017-03-04 07:44 - 00000000 ___HD C:\OneDriveTemp
2017-03-03 21:37 - 2017-03-03 22:40 - 00000000 ____D C:\Users\bizap\AppData\Roaming\Install.GS
2017-03-03 21:37 - 2017-03-03 21:37 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-03-03 21:37 - 2017-03-03 21:37 - 00000000 ____D C:\Users\bizap\AppData\Roaming\Sun
2017-03-03 21:37 - 2017-03-03 21:37 - 00000000 ____D C:\Users\bizap\AppData\LocalLow\Sun
2017-03-03 21:37 - 2017-03-03 21:37 - 00000000 ____D C:\Users\bizap\AppData\LocalLow\Oracle
2017-03-03 21:37 - 2017-03-03 21:37 - 00000000 ____D C:\Users\bizap\.oracle_jre_usage
2017-03-03 21:37 - 2017-03-03 21:37 - 00000000 ____D C:\ProgramData\Oracle
2017-03-03 21:37 - 2017-03-03 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-03 21:37 - 2017-03-03 21:37 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-03 21:27 - 2017-03-04 07:44 - 00000000 ____D C:\Users\bizap\AppData\LocalLow\uTorrent
2017-03-03 21:23 - 2017-03-03 21:25 - 00000000 ____D C:\AdwCleaner
2017-03-03 21:23 - 2017-03-03 21:23 - 04031440 _____ C:\Users\bizap\Downloads\adwcleaner_6.044.exe
2017-03-03 21:18 - 2017-03-03 21:32 - 00006901 _____ C:\Users\bizap\Desktop\UsbFix_Report.txt
2017-03-03 19:55 - 2017-03-03 21:14 - 03812256 _____ (SOSVirus) C:\Users\bizap\Downloads\UsbFix_9.030.exe
2017-03-03 19:42 - 2017-03-03 19:42 - 00001485 _____ C:\Users\bizap\Desktop\UsbFix.lnk
2017-03-03 19:42 - 2017-03-03 19:42 - 00000000 ____D C:\Users\bizap\AppData\Local\CrashDumps
2017-03-03 19:41 - 2017-03-03 21:14 - 00000000 ____D C:\UsbFix
2017-03-03 19:41 - 2017-03-03 19:41 - 03812131 _____ (SOSVirus) C:\Users\bizap\Downloads\UsbFix.exe
2017-03-03 18:45 - 2017-03-03 22:38 - 00000000 ____D C:\Program Files\trend micro
2017-03-03 18:45 - 2017-03-03 18:46 - 00000000 ____D C:\rsit
2017-03-03 18:45 - 2017-03-03 18:45 - 01324032 _____ C:\Users\bizap\Downloads\RSITx64.exe
2017-02-28 08:07 - 2017-02-28 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-24 12:40 - 2017-02-24 12:41 - 06634198 _____ C:\Users\bizap\Downloads\VID-20170123-WA0001.mp4
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-21 15:23 - 2017-02-21 15:23 - 05542332 _____ C:\Users\bizap\Downloads\Epilation.mp4
2017-02-15 08:26 - 2017-02-15 08:26 - 00000000 _____ C:\Users\bizap\AppData\Local\{33366B31-C2E4-44A4-AB09-0B0ABAC82887}
2017-02-13 08:40 - 2017-02-13 08:40 - 00000000 __SHD C:\found.000
2017-02-11 17:43 - 2017-02-11 17:43 - 00040359 _____ C:\Users\bizap\Downloads\The-Young-Pope-S01E02(0000278375).srt
2017-02-11 10:35 - 2017-02-11 10:35 - 00000000 ____D C:\$Windows.~WS
2017-02-11 10:27 - 2017-02-11 10:27 - 00001902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk
2017-02-11 10:27 - 2017-02-11 10:27 - 00001394 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
2017-02-11 10:27 - 2017-02-11 10:27 - 00000000 ____D C:\Users\bizap\AppData\Roaming\Ashampoo
2017-02-11 10:27 - 2017-02-11 10:27 - 00000000 ____D C:\Users\bizap\AppData\Local\ashampoo
2017-02-11 10:27 - 2017-02-11 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-02-11 10:27 - 2017-02-11 10:27 - 00000000 ____D C:\ProgramData\Ashampoo
2017-02-11 10:27 - 2017-02-11 10:27 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2017-02-11 10:26 - 2017-02-11 10:27 - 12891208 _____ (Ashampoo GmbH & Co. KG ) C:\Users\bizap\Downloads\ashampoo_burning_studio_6_free_6.84_13471.exe
2017-02-11 10:06 - 2017-02-11 10:08 - 4030005248 _____ C:\Users\bizap\Documents\Windows.iso
2017-02-11 09:59 - 2017-02-11 09:59 - 00002684 _____ C:\Users\bizap\Desktop\µTorrent.lnk
2017-02-11 09:59 - 2017-02-11 09:59 - 00002684 _____ C:\Users\bizap\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-02-11 09:56 - 2017-03-05 10:37 - 00000000 ____D C:\Users\bizap\AppData\Roaming\uTorrent
2017-02-11 09:56 - 2017-02-11 09:56 - 02400960 _____ (BitTorrent Inc.) C:\Users\bizap\Downloads\uTorrent.exe
2017-02-11 09:33 - 2017-02-11 12:25 - 00000000 ____D C:\ESD
2017-02-11 09:12 - 2017-02-11 09:12 - 18309328 _____ (Microsoft Corporation) C:\Users\bizap\Downloads\MediaCreationTool.exe
2017-02-11 09:12 - 2017-02-11 09:12 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-10 09:17 - 2017-02-10 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-10 09:16 - 2017-02-10 09:16 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 09:16 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-10 09:16 - 2016-12-29 14:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 09:16 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-10 09:16 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-10 09:16 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-10 09:16 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-10 09:16 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-09 09:33 - 2017-02-09 09:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 09:33 - 2017-02-09 09:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 10:36 - 2016-11-26 04:04 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-05 10:26 - 2016-09-24 10:43 - 00000000 ____D C:\Users\bizap\AppData\Roaming\Spotify
2017-03-05 10:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-04 08:39 - 2016-09-18 09:15 - 00000128 ____H C:\ProgramData\V93GE
2017-03-04 07:46 - 2016-11-19 13:18 - 00000000 ___RD C:\Users\bizap\Dropbox
2017-03-04 07:45 - 2016-09-24 10:44 - 00000000 ____D C:\Users\bizap\AppData\Local\Spotify
2017-03-04 07:44 - 2016-07-31 16:54 - 00000000 ___RD C:\Users\bizap\OneDrive
2017-03-04 07:43 - 2016-11-26 04:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-04 07:43 - 2016-11-26 04:06 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-03 22:43 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-03 21:37 - 2016-11-26 04:09 - 00000000 ____D C:\Users\bizap
2017-03-03 08:16 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-28 08:21 - 2016-07-31 16:51 - 00000000 ____D C:\Users\bizap\AppData\Local\Packages
2017-02-28 08:11 - 2016-08-01 18:35 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-28 08:07 - 2016-11-19 12:46 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-23 14:27 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-23 14:26 - 2016-08-05 07:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 14:21 - 2016-08-05 07:26 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 13:51 - 2016-12-09 08:40 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-23 13:51 - 2016-07-31 16:54 - 00002391 _____ C:\Users\bizap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-15 09:23 - 2016-08-07 19:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-11 21:22 - 2016-09-10 06:34 - 00000000 ____D C:\Users\bizap\AppData\Roaming\vlc
2017-02-11 19:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-11 19:41 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-11 12:25 - 2016-11-26 04:03 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-11 10:08 - 2016-09-10 08:28 - 00002334 _____ C:\Users\bizap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-02-11 10:08 - 2016-09-10 08:28 - 00002326 _____ C:\Users\bizap\Desktop\Vivaldi.lnk
2017-02-11 10:08 - 2016-09-10 08:28 - 00000000 ____D C:\Users\bizap\AppData\Local\Vivaldi
2017-02-10 09:17 - 2016-11-26 04:05 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 09:16 - 2016-11-26 04:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 09:16 - 2016-11-26 04:05 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 08:37 - 2016-07-31 17:09 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 08:37 - 2016-07-31 17:09 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-02-15 08:26 - 2017-02-15 08:26 - 0000000 _____ () C:\Users\bizap\AppData\Local\{33366B31-C2E4-44A4-AB09-0B0ABAC82887}
2016-09-18 09:15 - 2017-03-04 08:39 - 0000128 ____H () C:\ProgramData\V93GE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-03 16:50

==================== End of FRST.txt ============================

#8 Příspěvek od **Rudy** » 05 bře 2017 11:17

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
C:\ProgramData\V93GE
C:\Users\bizap\AppData\Local\{33366B31-C2E4-44A4-AB09-0B0ABAC82887}
Task: {23675A63-ADC2-4CF3-B6E0-6522D6ABC77F} - System32\Tasks\WindowsUpda2ta => C:\Users\bizap\AppData\Roaming\MICROSOFT\Microsoft Office 2013 Activator.vbs <==== ATTENTION

EmptyTemp:
End

Uložte do C:\Users\bizap\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Murdoc · #9 Příspěvek od **Murdoc** » 05 bře 2017 11:31

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by bizap (05-03-2017 11:22:23) Run:1
Running from C:\Users\bizap\Downloads
Loaded Profiles: bizap (Available Profiles: bizap)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
C:\ProgramData\V93GE
C:\Users\bizap\AppData\Local\{33366B31-C2E4-44A4-AB09-0B0ABAC82887}
Task: {23675A63-ADC2-4CF3-B6E0-6522D6ABC77F} - System32\Tasks\WindowsUpda2ta => C:\Users\bizap\AppData\Roaming\MICROSOFT\Microsoft Office 2013 Activator.vbs <==== ATTENTION

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
C:\ProgramData\V93GE => moved successfully
C:\Users\bizap\AppData\Local\{33366B31-C2E4-44A4-AB09-0B0ABAC82887} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23675A63-ADC2-4CF3-B6E0-6522D6ABC77F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23675A63-ADC2-4CF3-B6E0-6522D6ABC77F} => key removed successfully
C:\WINDOWS\System32\Tasks\WindowsUpda2ta => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindowsUpda2ta => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1395975 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68222950 B
Java, Flash, Steam htmlcache => 1232 B
Windows/system/drivers => 3007304 B
Edge => 32678546 B
Chrome => 772653987 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 66286 B
bizap => 98253770 B

RecycleBin => 6791237 B
EmptyTemp: => 937.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:23:39 ====

#10 Příspěvek od **Rudy** » 05 bře 2017 12:14

Smazáno, log by již měl být OK.

Murdoc · #11 Příspěvek od **Murdoc** » 05 bře 2017 15:08

potvrzuji, díky moc. posílám drobný příspěveček.

#12 Příspěvek od **Rudy** » 05 bře 2017 18:43

Za příspěvek děkujeme. Nemáte zač!

VIRY.CZ

USB disk - soubory i složky jsou zástupci

USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci

Re: USB disk - soubory i složky jsou zástupci