
The home page in the browser keeps changing

margot
Visitor
Posts: 13
Registered: 08 Mar 2017 19:32

#1 Post by margot »

Good evening, please check my log. When Chrome starts, StartPageing123.com opens instead of the Google home page.
Thank you in advance for your help and your time...



Logfile of random's system information tool 1.15 (written by random/random)
Run by Margotka at 2017-03-08 19:35:30
Microsoft Windows 10 Home
System drive C: has 44 GB (58%) free of 76 GB
Total RAM: 2046 MB (32% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:35:36, on 08.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Margotka_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpageing123.com/?type=hp ... 6686866868
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpageing123.com/?type=hp ... 6686866868
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpageing123.com/?type=hp ... 6686866868
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startpageing123.com/search/? ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startpageing123.com/search/? ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpageing123.com/?type=hp ... 6686866868
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: ed2k idle service (ed2kidle) - Unknown owner - C:\Program Files (x86)\amulell\ed2k.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Kyubey - Unknown owner - C:\Users\Margotka\AppData\Roaming\Kyubey\Kyubey.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10500 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
C:\Users\Margotka\AppData\Roaming\Kyubey\Kyubey.exe -s
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\System32\svchost.exe -k WinSnare
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
C:\WINDOWS\SysWoW64\svchost.exe -k WinSAPSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" f88c71f3-33dd-4269-93de-c2042f75bd79
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\sihost.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Windows Defender\MSASCuiL.exe"
C:\Program Files\Windows Defender\MpCmdRun.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe" -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{86D5EB8A-859F-4C7B-A76B-2BD819B7A850}
C:\Windows\helppane.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.startpageing123.com/?type=sc ... 6686866868
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Margotka\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=56.0.2924.87 --initial-client-data=0x220,0x254,0x258,0x21c,0x25c,0x68a67598,0x68a675bc,0x68a675a4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=5532 --on-initialized-event-handle=708 --parent-handle=712 /prefetch:6
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 636 640 648 8192 644
C:\WINDOWS\system32\AUDIODG.EXE 0x3e8
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Users\Margotka\Desktop\RSITx64.exe"

====== Scheduled tasks folder ======

C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Foladomgracuge - "msiexec" /i HtTp://d2buh1bf1g584w.cloudfront.net/ms ... &v=2017223 /q
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\Milimili - "C:\Program Files (x86)\MIO\MIO.exe" -bindurl http://api.suibianmaimaicom.com/wdcxwd5 ... 866868.dat cmd=
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\{A4FC1AC3-09F0-40AA-A1F5-B2577D06A5EA} - "c:\windows\system32\launchwinapp.exe" https://ui.skype.com/ui/0/7.30.64.105/c ... age=tsMain
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader - %windir%\system32\WSqmCons.exe -u
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task

=========Google Chrome=========

C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kbejacapfbbfcbonimhhmpdbbpjdoplf 2 Weather Hub 1.2.9
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: https://www.google.cz/webhp?sourceid=ch ... 2&ie=UTF-8
default_search_provider.search_url:
C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kbejacapfbbfcbonimhhmpdbbpjdoplf]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.startpageing123.com/search/? ... earchTerms}


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.startpageing123.com/search/? ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-12-14 631808]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-12-02 16776192]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-08-27 2634872]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2015-08-27 1710568]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2017-01-19 176440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-02-22 1518304]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-02-08 27427808]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2017-01-17 67384]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-07 4701888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"=C:\WINDOWS\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2013-07-23 1282632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-03-08 19:35:30 ----D---- C:\rsit
2017-03-08 19:35:30 ----D---- C:\Program Files\trend micro
2017-03-08 17:38:00 ----D---- C:\WINDOWS\Microsoft Antimalware
2017-03-08 15:06:36 ----D---- C:\AdwCleaner
2017-03-08 14:35:43 ----D---- C:\Users\Margotka\AppData\Roaming\aMule
2017-03-07 18:08:01 ----D---- C:\Program Files (x86)\{80CFB430-DE15-4807-A960-9B6DC8A815AC}
2017-03-07 16:55:06 ----D---- C:\Users\Margotka\AppData\Roaming\Kyubey
2017-03-07 16:55:05 ----D---- C:\Program Files (x86)\BikaQRss
2017-03-07 16:55:02 ----D---- C:\Program Files (x86)\MIO
2017-03-07 16:55:00 ----D---- C:\Users\Margotka\AppData\Roaming\WinSnare
2017-03-07 16:54:56 ----D---- C:\Users\Margotka\AppData\Roaming\WinSAPSvc
2017-03-07 16:49:56 ----D---- C:\Program Files (x86)\MK
2017-03-07 16:49:13 ----A---- C:\WINDOWS\system32\drivers\PROCEXP152.SYS
2017-03-07 16:49:03 ----D---- C:\Program Files (x86)\{B42440EF-D129-47A1-ACDA-6E562ECDD84B}
2017-03-03 11:35:51 ----D---- C:\Program Files\iPod
2017-03-03 11:35:40 ----AD---- C:\Program Files\iTunes
2017-02-26 12:34:59 ----D---- C:\Program Files (x86)\WeatherHub
2017-02-24 08:28:05 ----HD---- C:\ProgramData\CanonIJEGV
2017-02-24 08:22:25 ----D---- C:\Program Files (x86)\Adobe
2017-02-24 08:21:38 ----D---- C:\ProgramData\Adobe
2017-02-23 17:06:45 ----A---- C:\WINDOWS\system32\drivers\dtliteusbbus.sys
2017-02-23 17:06:37 ----A---- C:\WINDOWS\system32\drivers\dtlitescsibus.sys
2017-02-23 17:06:35 ----D---- C:\Users\Margotka\AppData\Roaming\DAEMON Tools Lite
2017-02-23 17:06:26 ----D---- C:\Program Files\DAEMON Tools Lite
2017-02-23 17:06:18 ----D---- C:\ProgramData\DAEMON Tools Lite
2017-02-23 16:35:40 ----A---- C:\WINDOWS\system32\drivers\VBoxDrv.sys
2017-02-23 16:35:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2017-02-23 16:35:31 ----A---- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2017-02-23 16:35:25 ----D---- C:\Program Files\Oracle
2017-02-23 15:50:01 ----D---- C:\Pharaoh
2017-02-21 18:36:36 ----A---- C:\WINDOWS\SYSWOW64\nvStreaming.exe
2017-02-21 18:36:21 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo.exe
2017-02-21 18:36:21 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1.dll
2017-02-21 18:36:21 ----A---- C:\WINDOWS\system32\vulkaninfo.exe
2017-02-21 18:36:21 ----A---- C:\WINDOWS\system32\vulkan-1.dll
2017-02-21 18:36:19 ----D---- C:\Program Files (x86)\VulkanRT
2017-02-21 18:35:57 ----A---- C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-21 18:35:57 ----A---- C:\WINDOWS\system32\nv3dappshext.dll
2017-02-21 18:35:18 ----A---- C:\WINDOWS\NvContainerRecovery.bat
2017-02-21 18:31:29 ----D---- C:\ProgramData\Package Cache
2017-02-21 18:29:51 ----A---- C:\WINDOWS\system32\nvhdap64.dll
2017-02-21 18:29:48 ----A---- C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\SYSWOW64\nvptxJitCompiler.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\SYSWOW64\nvopencl.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\SYSWOW64\nvoglv32.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\system32\nvopencl.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\system32\nvoglv64.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\NvIFROpenGL.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\NvIFR.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\NvFBC.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\nvfatbinaryLoader.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\nvEncodeAPI.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\nvEncMFTH264.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\NvIFR64.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\NvFBC64.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\SYSWOW64\nvDecMFTMjpeg.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\SYSWOW64\nvcuvid.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\SYSWOW64\nvcuda.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\system32\nvcuda.dll
2017-02-21 18:29:41 ----A---- C:\WINDOWS\SYSWOW64\nvcompiler.dll
2017-02-21 18:29:41 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2017-02-21 18:20:01 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_43.dll
2017-02-21 18:20:01 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2017-02-21 18:20:00 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_43.dll
2017-02-21 18:20:00 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2017-02-21 18:19:59 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_43.dll
2017-02-21 18:19:59 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2017-02-21 18:19:50 ----RA---- C:\WINDOWS\system32\nvspbridge64.dll
2017-02-21 18:19:49 ----RA---- C:\WINDOWS\system32\nvspcap64.dll
2017-02-21 18:19:47 ----RA---- C:\WINDOWS\SYSWOW64\nvspbridge.dll
2017-02-21 18:19:46 ----RA---- C:\WINDOWS\SYSWOW64\nvspcap.dll
2017-02-21 18:18:42 ----A---- C:\WINDOWS\SYSWOW64\nvaudcap32v.dll
2017-02-21 18:18:42 ----A---- C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-21 18:18:42 ----A---- C:\WINDOWS\system32\drivers\nvvad64v.sys
2017-02-21 18:17:41 ----D---- C:\ProgramData\NVIDIA
2017-02-21 18:17:27 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2017-02-21 18:17:27 ----A---- C:\WINDOWS\system32\nvsvc64.dll
2017-02-21 18:17:27 ----A---- C:\WINDOWS\system32\nvshext.dll
2017-02-21 18:17:27 ----A---- C:\WINDOWS\system32\nvcpl.dll
2017-02-21 18:17:26 ----A---- C:\WINDOWS\system32\nvmctray.dll
2017-02-21 18:16:57 ----A---- C:\WINDOWS\SYSWOW64\OpenCL.dll
2017-02-21 18:16:57 ----A---- C:\WINDOWS\system32\OpenCL.dll
2017-02-21 18:16:02 ----A---- C:\WINDOWS\system32\nvdispco6435582.dll
2017-02-21 18:15:58 ----A---- C:\WINDOWS\system32\nvdispgenco6435582.dll
2017-02-21 18:13:21 ----D---- C:\ProgramData\NVIDIA Corporation
2017-02-21 18:13:07 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-02-21 18:12:16 ----A---- C:\WINDOWS\SYSWOW64\nvapi.dll
2017-02-21 18:12:10 ----N---- C:\WINDOWS\system32\nvwgf2umx.dll
2017-02-21 18:11:21 ----N---- C:\WINDOWS\SYSWOW64\nvd3dum.dll
2017-02-21 18:11:16 ----N---- C:\WINDOWS\system32\drivers\nvlddmkm.sys
2017-02-21 18:11:16 ----A---- C:\WINDOWS\system32\nvapi64.dll
2017-02-21 18:09:44 ----D---- C:\Program Files\NVIDIA Corporation
2017-02-19 12:59:06 ----D---- C:\Program Files (x86)\Seznam.cz
2017-02-19 12:58:33 ----D---- C:\Users\Margotka\AppData\Roaming\Seznam.cz
2017-02-19 10:06:37 ----AD---- C:\Program Files (x86)\HD Tune
2017-02-19 06:23:17 ----D---- C:\WINDOWS\Minidump
2017-02-12 11:14:06 ----D---- C:\Users\Margotka\AppData\Roaming\MPC-HC
2017-02-12 11:12:44 ----AD---- C:\Program Files (x86)\MPC-HC
2017-02-09 18:03:59 ----D---- C:\SIERRA
2017-02-09 17:19:39 ----D---- C:\Users\Margotka\AppData\Roaming\Canon
2017-02-09 17:19:30 ----HD---- C:\ProgramData\CanonIJQuickMenu
2017-02-09 17:18:39 ----D---- C:\ProgramData\CanonIJPLM
2017-02-09 17:04:27 ----A---- C:\WINDOWS\system32\CNMXLMC1.DLL
2017-02-09 17:02:57 ----D---- C:\ProgramData\CanonIJWSpt
2017-02-09 16:59:48 ----D---- C:\Program Files\Canon
2017-02-09 16:58:37 ----HD---- C:\Program Files\CanonBJ
2017-02-09 16:56:42 ----D---- C:\Program Files (x86)\Canon
2017-02-09 16:53:14 ----HD---- C:\ProgramData\CanonBJ
2017-02-09 16:52:59 ----A---- C:\WINDOWS\system32\CNMLMC1.DLL

====== List of files/folders modified in the last 1 month ======

2017-03-08 19:35:33 ----D---- C:\WINDOWS\Prefetch
2017-03-08 19:35:30 ----RD---- C:\Program Files
2017-03-08 19:21:46 ----D---- C:\WINDOWS\Temp
2017-03-08 19:19:29 ----RD---- C:\WINDOWS\Microsoft.NET
2017-03-08 19:07:01 ----D---- C:\Users\Margotka\AppData\Roaming\Skype
2017-03-08 19:05:23 ----D---- C:\WINDOWS\system32\config
2017-03-08 19:04:00 ----D---- C:\WINDOWS\system32\sru
2017-03-08 18:49:12 ----D---- C:\WINDOWS\SysWOW64
2017-03-08 18:10:15 ----D---- C:\WINDOWS\System32
2017-03-08 18:10:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 17:38:00 ----D---- C:\Windows
2017-03-08 14:49:42 ----D---- C:\WINDOWS\AppReadiness
2017-03-08 14:49:41 ----HD---- C:\Program Files\WindowsApps
2017-03-08 14:47:47 ----SHD---- C:\WINDOWS\Installer
2017-03-08 14:47:46 ----D---- C:\WINDOWS\system32\Tasks
2017-03-08 14:47:40 ----SD---- C:\Users\Margotka\AppData\Roaming\Microsoft
2017-03-08 14:47:39 ----RD---- C:\Program Files (x86)
2017-03-08 14:28:39 ----D---- C:\WINDOWS\system32\SleepStudy
2017-03-07 16:49:13 ----D---- C:\WINDOWS\system32\drivers
2017-03-06 04:00:24 ----D---- C:\WINDOWS\LiveKernelReports
2017-03-05 14:44:43 ----D---- C:\WINDOWS\system32\catroot2
2017-03-05 14:44:43 ----D---- C:\WINDOWS\system32\CatRoot
2017-03-03 11:35:49 ----D---- C:\Program Files\Common Files\Apple
2017-02-28 09:31:58 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2017-02-26 12:35:31 ----D---- C:\WINDOWS\WinSxS
2017-02-26 12:35:19 ----D---- C:\Program Files\Common Files\microsoft shared
2017-02-24 08:28:05 ----HD---- C:\ProgramData
2017-02-24 08:25:39 ----D---- C:\Users\Margotka\AppData\Roaming\Adobe
2017-02-24 08:22:25 ----D---- C:\Program Files (x86)\Common Files
2017-02-23 20:02:44 ----D---- C:\WINDOWS\CbsTemp
2017-02-23 20:02:29 ----D---- C:\WINDOWS\system32\MRT
2017-02-23 19:59:01 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-02-23 17:06:47 ----D---- C:\WINDOWS\system32\DriverStore
2017-02-23 17:06:47 ----D---- C:\WINDOWS\INF
2017-02-23 15:55:20 ----SHD---- C:\System Volume Information
2017-02-23 15:53:33 ----A---- C:\WINDOWS\SIERRA.INI
2017-02-23 15:50:12 ----D---- C:\Program Files (x86)\Sierra On-Line
2017-02-21 18:19:51 ----D---- C:\WINDOWS\Logs
2017-02-21 18:17:22 ----D---- C:\WINDOWS\Help
2017-02-19 12:43:58 ----D---- C:\WINDOWS\system32\LogFiles
2017-02-19 08:40:40 ----D---- C:\WINDOWS\system32\WDI
2017-02-10 04:08:29 ----D---- C:\ProgramData\Skype
2017-02-10 04:08:26 ----RD---- C:\Program Files (x86)\Skype
2017-02-10 03:33:54 ----A---- C:\WINDOWS\system32\nvhdagenco6420103.dll

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-12-14 48992]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 cmuda3;@oem4.inf,%CMUDA.SvcDesc%;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2016-12-15 1155072]
R3 dtlitescsibus;@oem31.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2017-02-23 30264]
R3 dtliteusbbus;@oem32.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2017-02-23 47672]
R3 NVHDA;@oem26.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2017-02-10 217528]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys [2017-02-10 14516664]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-08-27 19576]
R3 nvvad_WaveExtensible;@oem23.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2015-08-11 50472]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 RTL8023x64;@netrtl64.inf,%Rtlnicx64.Service.DispName%;Realtek 10/100 NIC Family NDIS x64 Driver; C:\WINDOWS\System32\drivers\Rtnic64.sys [2016-07-16 51712]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-12-14 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2016-12-13 11922944]
S3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2016-12-13 359936]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-12-14 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S3 USBAAPL64;@oem13.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl64.sys [2016-03-28 54784]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Ovladač zvuků USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2016-07-16 132096]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2016-12-14 226816]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2016-12-13 238080]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 83768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CDPUserSvc_5a24b;CDPUserSvc_5a24b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-08-27 1155192]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2013-06-28 84616]
R2 Kyubey;Kyubey; C:\Users\Margotka\AppData\Roaming\Kyubey\Kyubey.exe [2017-03-08 111104]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-02-10 462784]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-08-27 1872504]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-08-27 5544568]
R2 OneSyncSvc_5a24b;Hostitel synchronizace_5a24b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-11-28 10216688]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-07 1471168]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2017-01-19 651576]
R3 PimIndexMaintenanceSvc_5a24b;Data kontaktů_5a24b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
R3 UnistoreSvc_5a24b;Úložiště uživatelských dat_5a24b; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 ed2kidle;ed2k idle service; C:\Program Files (x86)\amulell\ed2k.exe -downloadwhenidle []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-01-16 317400]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_5a24b;Služba zasílání zpráv_5a24b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119671
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: The home page in the browser keeps changing

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

margot
Visitor
Posts: 13
Joined: 08 Mar 2017 19:32

Re: The home page in the browser keeps changing

#3 Post by margot »

# AdwCleaner v6.044 - Log vytvořen 09/03/2017 v 04:24:52
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-07.1 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Margotka - DESKTOP-K5DSTCE
# Spuštěno z : C:\Users\Margotka\Desktop\adwcleaner_6.044.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Služba nalezena: WinSAPSvc
Služba nalezena: ed2kidle
Služba nalezena: WinSnare
Služba nalezena: Kyubey


***** [ Složky ] *****

Složka nalezena: C:\Users\Margotka\AppData\Local\DriverToolkit
Složka nalezena: C:\Users\Margotka\AppData\Roaming\WinSAPSvc
Složka nalezena: C:\Users\Margotka\AppData\Roaming\winsapsvc
Složka nalezena: C:\Users\Margotka\AppData\Roaming\aMule
Složka nalezena: C:\Users\Margotka\AppData\Roaming\WinSnare
Složka nalezena: C:\Users\Margotka\AppData\Roaming\Kyubey
Složka nalezena: C:\Program Files (x86)\DriverToolkit
Složka nalezena: C:\Program Files (x86)\WEATHERHUB
Složka nalezena: C:\Program Files (x86)\WeatherHub
Složka nalezena: C:\Program Files (x86)\BikaQRss
Složka nalezena: C:\Users\Margotka\AppData\Local\Temp\DriverFinder
Složka nalezena: C:\Users\Margotka\AppData\Local\Temp\driverfinder
Složka nalezena: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
Složka nalezena: C:\Users\Margotka\AppData\Roaming\WinSnare
Složka nalezena: C:\Program Files (x86)\MIO


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Zástupce infikován: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=148 ... DCXWD5000A
Zástupce infikován: C:\Users\Margotka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=148 ... 2bdb2t5b2e
Zástupce infikován: C:\Users\Margotka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=148 ... o1o&from=c
Zástupce infikován: C:\Users\Margotka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=148 ... a173g0z2bd


***** [ Naplánované úlohy ] *****

Naplánovaná úloha nalezena: Foladomgracuge
Naplánovaná úloha nalezena: Milimili


***** [ Registry ] *****

Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Klíč nalezen: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Klíč nalezen: HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\DriverToolkit
Klíč nalezen: HKCU\Software\DriverToolkit
Klíč nalezen: HKLM\SOFTWARE\ScreenShot
Klíč nalezen: HKLM\SOFTWARE\startpageing123Software
Klíč nalezen: HKLM\SOFTWARE\msServer
Klíč nalezen: [x64] HKCU\Software\DriverToolkit
Klíč nalezen: [x64] HKLM\SOFTWARE\InterSect Alliance
Data nalezena: HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... bdb2t5b2e9
Data nalezena: HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... 73g0z2bdb2
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... KS-00UU3A0
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... 5000AAKS-0
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... 5000AAKS-0
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds ... id=WDCXWD5
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds ... WD5000AAKS
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... KS-00UU3A0
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... AAKS-00UU3
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... WD5000AAKS
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... WD5000AAKS
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds ... &uid=WDCXW
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds ... CXWD5000AA
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... AAKS-00UU3
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Data nalezena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... a9c300a0e9
Data nalezena: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488980224&z=56f7
Data nalezena: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488980224&z=56
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\Extensions\kbejacapfbbfcbonimhhmpdbbpjdoplf


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... che0812&ui
Chromium nastavení nalezeno: [C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico
Chromium nastavení nalezeno: [C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - kbejacapfbbfcbonimhhmpdbbpjdoplf

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [8299 Bajty] - [09/03/2017 04:24:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8372 Bajty] ##########

Rudy
Site Admin
Posts: 119671
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: The home page in the browser keeps changing

#4 Post by Rudy »

ADW did not delete anything; you did not click on delete. Try once more.

margot
Visitor
Posts: 13
Joined: 08 Mar 2017 19:32

Re: The home page in the browser keeps changing

#5 Post by margot »

# AdwCleaner v6.044 - Log vytvořen 09/03/2017 v 18:50:47
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-09.2 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Margotka - DESKTOP-K5DSTCE
# Spuštěno z : C:\Users\Margotka\Desktop\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: WinSAPSvc
[-] Služba smazána: ed2kidle
[-] Služba smazána: WinSnare
[-] Služba smazána: Kyubey


***** [ Složky ] *****

[-] Složka smazána: C:\Program Files (x86)\WinSnare(4.2.7)
[-] Složka smazána: C:\Users\Margotka\AppData\Local\DriverToolkit
[-] Složka smazána: C:\Users\Margotka\AppData\Roaming\WinSAPSvc
[#] Složka smazána po restartu: C:\Users\Margotka\AppData\Roaming\winsapsvc
[-] Složka smazána: C:\Users\Margotka\AppData\Roaming\aMule
[-] Složka smazána: C:\Users\Margotka\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Users\Margotka\AppData\Roaming\Kyubey
[-] Složka smazána: C:\Users\Margotka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
[-] Složka smazána: C:\Program Files (x86)\DriverToolkit
[-] Složka smazána: C:\Program Files (x86)\WEATHERHUB
[#] Složka smazána po restartu: C:\Program Files (x86)\WeatherHub
[-] Složka smazána: C:\Program Files (x86)\BikaQRss
[-] Složka smazána: C:\Users\Margotka\AppData\Local\Temp\DriverFinder
[#] Složka smazána po restartu: C:\Users\Margotka\AppData\Local\Temp\driverfinder
[-] Složka smazána: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
[#] Složka smazána po restartu: C:\Users\Margotka\AppData\Roaming\WinSnare


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\Margotka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\Margotka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\Margotka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Foladomgracuge
[-] Úloha smazána: Milimili


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\DriverToolkit
[-] Klíč smazán: HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\WinSnare
[#] Klíč smazán po restartu: HKCU\Software\DriverToolkit
[#] Klíč smazán po restartu: HKCU\Software\WinSnare
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\msServer
[#] Klíč smazán po restartu: [x64] HKCU\Software\DriverToolkit
[#] Klíč smazán po restartu: [x64] HKCU\Software\WinSnare
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data obnovena: HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Data obnovena: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\kbejacapfbbfcbonimhhmpdbbpjdoplf


***** [ Prohlížeče ] *****

[-] [C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Smazáno: hxxp://www.startpageing123.com/?type=hp&ts=148 ... 6686866868
[-] [C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Smazáno: hxxp://www.startpageing123.com/searchfavicon.ico
[-] [C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: kbejacapfbbfcbonimhhmpdbbpjdoplf


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6401 Bajty] - [09/03/2017 18:50:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [8499 Bajty] - [09/03/2017 04:24:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [8853 Bajty] - [09/03/2017 18:50:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6620 Bajty] ##########

Rudy
Site Admin
Posts: 119671
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: The home page in the browser keeps changing

#6 Post by Rudy »

Now it is OK. Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

margot
Visitor
Posts: 13
Joined: 08 Mar 2017 19:32

Re: The home page in the browser keeps changing

#7 Post by margot »

Logfile of random's system information tool 1.15 (written by random/random)
Run by Margotka at 2017-03-09 19:36:19
Microsoft Windows 10 Home
System drive C: has 45 GB (58%) free of 76 GB
Total RAM: 2046 MB (43% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:36:24, on 09.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\trend micro\Margotka_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8595 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" f88c71f3-33dd-4269-93de-c2042f75bd79
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
C:\Program Files\Windows Defender\MpCmdRun.exe
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
"C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe" -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Users\Margotka\Desktop\RSITx64.exe"

====== Scheduled tasks folder ======

C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\{A4FC1AC3-09F0-40AA-A1F5-B2577D06A5EA} - "c:\windows\system32\launchwinapp.exe" https://ui.skype.com/ui/0/7.30.64.105/c ... age=tsMain
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader - %windir%\system32\WSqmCons.exe -u
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task

=========Google Chrome=========

C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.2
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: https://www.google.cz/webhp?sourceid=ch ... 2&ie=UTF-8
default_search_provider.search_url:
C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-12-14 631808]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-12-02 16776192]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-08-27 2634872]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2015-08-27 1710568]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2017-01-19 176440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-02-22 1518304]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-02-08 27427808]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2017-01-17 67384]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-07 4701888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"=C:\WINDOWS\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2013-07-23 1282632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-03-09 15:25:05 ----D---- C:\Program Files (x86)\amulell
2017-03-08 19:35:30 ----D---- C:\rsit
2017-03-08 19:35:30 ----D---- C:\Program Files\trend micro
2017-03-08 17:38:00 ----D---- C:\WINDOWS\Microsoft Antimalware
2017-03-08 15:06:36 ----D---- C:\AdwCleaner
2017-03-07 18:08:01 ----D---- C:\Program Files (x86)\{80CFB430-DE15-4807-A960-9B6DC8A815AC}
2017-03-07 16:55:02 ----D---- C:\Program Files (x86)\MIO
2017-03-07 16:49:56 ----D---- C:\Program Files (x86)\MK
2017-03-07 16:49:13 ----A---- C:\WINDOWS\system32\drivers\PROCEXP152.SYS
2017-03-07 16:49:03 ----D---- C:\Program Files (x86)\{B42440EF-D129-47A1-ACDA-6E562ECDD84B}
2017-03-03 11:35:51 ----D---- C:\Program Files\iPod
2017-03-03 11:35:40 ----AD---- C:\Program Files\iTunes
2017-02-24 08:28:05 ----HD---- C:\ProgramData\CanonIJEGV
2017-02-24 08:22:25 ----D---- C:\Program Files (x86)\Adobe
2017-02-24 08:21:38 ----D---- C:\ProgramData\Adobe
2017-02-23 17:06:45 ----A---- C:\WINDOWS\system32\drivers\dtliteusbbus.sys
2017-02-23 17:06:37 ----A---- C:\WINDOWS\system32\drivers\dtlitescsibus.sys
2017-02-23 17:06:35 ----D---- C:\Users\Margotka\AppData\Roaming\DAEMON Tools Lite
2017-02-23 17:06:26 ----D---- C:\Program Files\DAEMON Tools Lite
2017-02-23 17:06:18 ----D---- C:\ProgramData\DAEMON Tools Lite
2017-02-23 16:35:40 ----A---- C:\WINDOWS\system32\drivers\VBoxDrv.sys
2017-02-23 16:35:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2017-02-23 16:35:31 ----A---- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2017-02-23 16:35:25 ----D---- C:\Program Files\Oracle
2017-02-23 15:50:01 ----D---- C:\Pharaoh
2017-02-21 18:36:36 ----A---- C:\WINDOWS\SYSWOW64\nvStreaming.exe
2017-02-21 18:36:21 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo.exe
2017-02-21 18:36:21 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1.dll
2017-02-21 18:36:21 ----A---- C:\WINDOWS\system32\vulkaninfo.exe
2017-02-21 18:36:21 ----A---- C:\WINDOWS\system32\vulkan-1.dll
2017-02-21 18:36:19 ----D---- C:\Program Files (x86)\VulkanRT
2017-02-21 18:35:57 ----A---- C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-21 18:35:57 ----A---- C:\WINDOWS\system32\nv3dappshext.dll
2017-02-21 18:35:18 ----A---- C:\WINDOWS\NvContainerRecovery.bat
2017-02-21 18:31:29 ----D---- C:\ProgramData\Package Cache
2017-02-21 18:29:51 ----A---- C:\WINDOWS\system32\nvhdap64.dll
2017-02-21 18:29:48 ----A---- C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\SYSWOW64\nvptxJitCompiler.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\SYSWOW64\nvopencl.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\SYSWOW64\nvoglv32.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\system32\nvopencl.dll
2017-02-21 18:29:47 ----A---- C:\WINDOWS\system32\nvoglv64.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\NvIFROpenGL.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\NvIFR.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\NvFBC.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\nvfatbinaryLoader.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\nvEncodeAPI.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\SYSWOW64\nvEncMFTH264.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\NvIFR64.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\NvFBC64.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-21 18:29:46 ----A---- C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\SYSWOW64\nvDecMFTMjpeg.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\SYSWOW64\nvcuvid.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\SYSWOW64\nvcuda.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2017-02-21 18:29:45 ----A---- C:\WINDOWS\system32\nvcuda.dll
2017-02-21 18:29:41 ----A---- C:\WINDOWS\SYSWOW64\nvcompiler.dll
2017-02-21 18:29:41 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2017-02-21 18:20:01 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_43.dll
2017-02-21 18:20:01 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2017-02-21 18:20:00 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_43.dll
2017-02-21 18:20:00 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2017-02-21 18:19:59 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_43.dll
2017-02-21 18:19:59 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2017-02-21 18:19:50 ----RA---- C:\WINDOWS\system32\nvspbridge64.dll
2017-02-21 18:19:49 ----RA---- C:\WINDOWS\system32\nvspcap64.dll
2017-02-21 18:19:47 ----RA---- C:\WINDOWS\SYSWOW64\nvspbridge.dll
2017-02-21 18:19:46 ----RA---- C:\WINDOWS\SYSWOW64\nvspcap.dll
2017-02-21 18:18:42 ----A---- C:\WINDOWS\SYSWOW64\nvaudcap32v.dll
2017-02-21 18:18:42 ----A---- C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-21 18:18:42 ----A---- C:\WINDOWS\system32\drivers\nvvad64v.sys
2017-02-21 18:17:41 ----D---- C:\ProgramData\NVIDIA
2017-02-21 18:17:27 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2017-02-21 18:17:27 ----A---- C:\WINDOWS\system32\nvsvc64.dll
2017-02-21 18:17:27 ----A---- C:\WINDOWS\system32\nvshext.dll
2017-02-21 18:17:27 ----A---- C:\WINDOWS\system32\nvcpl.dll
2017-02-21 18:17:26 ----A---- C:\WINDOWS\system32\nvmctray.dll
2017-02-21 18:16:57 ----A---- C:\WINDOWS\SYSWOW64\OpenCL.dll
2017-02-21 18:16:57 ----A---- C:\WINDOWS\system32\OpenCL.dll
2017-02-21 18:16:02 ----A---- C:\WINDOWS\system32\nvdispco6435582.dll
2017-02-21 18:15:58 ----A---- C:\WINDOWS\system32\nvdispgenco6435582.dll
2017-02-21 18:13:21 ----D---- C:\ProgramData\NVIDIA Corporation
2017-02-21 18:13:07 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-02-21 18:12:16 ----A---- C:\WINDOWS\SYSWOW64\nvapi.dll
2017-02-21 18:12:10 ----N---- C:\WINDOWS\system32\nvwgf2umx.dll
2017-02-21 18:11:21 ----N---- C:\WINDOWS\SYSWOW64\nvd3dum.dll
2017-02-21 18:11:16 ----N---- C:\WINDOWS\system32\drivers\nvlddmkm.sys
2017-02-21 18:11:16 ----A---- C:\WINDOWS\system32\nvapi64.dll
2017-02-21 18:09:44 ----D---- C:\Program Files\NVIDIA Corporation
2017-02-19 12:59:06 ----D---- C:\Program Files (x86)\Seznam.cz
2017-02-19 12:58:33 ----D---- C:\Users\Margotka\AppData\Roaming\Seznam.cz
2017-02-19 10:06:37 ----AD---- C:\Program Files (x86)\HD Tune
2017-02-19 06:23:17 ----D---- C:\WINDOWS\Minidump
2017-02-12 11:14:06 ----D---- C:\Users\Margotka\AppData\Roaming\MPC-HC
2017-02-12 11:12:44 ----AD---- C:\Program Files (x86)\MPC-HC

====== List of files/folders modified in the last 1 month ======

2017-03-09 19:35:19 ----D---- C:\WINDOWS\Prefetch
2017-03-09 19:31:01 ----D---- C:\WINDOWS\System32
2017-03-09 19:31:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 19:28:11 ----D---- C:\Users\Margotka\AppData\Roaming\Skype
2017-03-09 19:27:09 ----D---- C:\WINDOWS\Temp
2017-03-09 19:25:42 ----D---- C:\WINDOWS\system32\sru
2017-03-09 18:50:30 ----D---- C:\WINDOWS\system32\Tasks
2017-03-09 18:50:27 ----RD---- C:\Program Files (x86)
2017-03-09 16:34:39 ----D---- C:\WINDOWS\system32\SleepStudy
2017-03-09 15:25:07 ----SHD---- C:\WINDOWS\Installer
2017-03-09 15:25:05 ----SD---- C:\Users\Margotka\AppData\Roaming\Microsoft
2017-03-09 15:21:24 ----D---- C:\WINDOWS\SysWOW64
2017-03-09 04:53:21 ----RD---- C:\WINDOWS\Microsoft.NET
2017-03-09 04:17:16 ----D---- C:\WINDOWS\AppReadiness
2017-03-09 04:17:14 ----HD---- C:\Program Files\WindowsApps
2017-03-09 04:14:04 ----D---- C:\WINDOWS\LiveKernelReports
2017-03-08 19:35:30 ----RD---- C:\Program Files
2017-03-08 19:05:23 ----D---- C:\WINDOWS\system32\config
2017-03-08 17:38:00 ----D---- C:\Windows
2017-03-07 16:49:13 ----D---- C:\WINDOWS\system32\drivers
2017-03-05 14:44:43 ----D---- C:\WINDOWS\system32\catroot2
2017-03-05 14:44:43 ----D---- C:\WINDOWS\system32\CatRoot
2017-03-03 11:35:49 ----D---- C:\Program Files\Common Files\Apple
2017-02-28 09:31:58 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2017-02-26 12:35:31 ----D---- C:\WINDOWS\WinSxS
2017-02-26 12:35:19 ----D---- C:\Program Files\Common Files\microsoft shared
2017-02-26 12:30:24 ----D---- C:\SIERRA
2017-02-24 08:28:13 ----D---- C:\ProgramData\CanonIJPLM
2017-02-24 08:28:05 ----HD---- C:\ProgramData
2017-02-24 08:25:39 ----D---- C:\Users\Margotka\AppData\Roaming\Adobe
2017-02-24 08:22:25 ----D---- C:\Program Files (x86)\Common Files
2017-02-23 20:02:44 ----D---- C:\WINDOWS\CbsTemp
2017-02-23 20:02:29 ----D---- C:\WINDOWS\system32\MRT
2017-02-23 19:59:01 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-02-23 17:06:47 ----D---- C:\WINDOWS\system32\DriverStore
2017-02-23 17:06:47 ----D---- C:\WINDOWS\INF
2017-02-23 15:55:20 ----SHD---- C:\System Volume Information
2017-02-23 15:53:33 ----A---- C:\WINDOWS\SIERRA.INI
2017-02-23 15:50:12 ----D---- C:\Program Files (x86)\Sierra On-Line
2017-02-21 18:19:51 ----D---- C:\WINDOWS\Logs
2017-02-21 18:17:22 ----D---- C:\WINDOWS\Help
2017-02-19 12:43:58 ----D---- C:\WINDOWS\system32\LogFiles
2017-02-19 08:40:40 ----D---- C:\WINDOWS\system32\WDI
2017-02-17 02:13:22 ----D---- C:\Users\Margotka\AppData\Roaming\Canon
2017-02-10 04:08:29 ----D---- C:\ProgramData\Skype
2017-02-10 04:08:26 ----RD---- C:\Program Files (x86)\Skype
2017-02-10 03:33:54 ----A---- C:\WINDOWS\system32\nvhdagenco6420103.dll

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-12-14 48992]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 cmuda3;@oem4.inf,%CMUDA.SvcDesc%;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2016-12-15 1155072]
R3 dtlitescsibus;@oem31.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2017-02-23 30264]
R3 dtliteusbbus;@oem32.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2017-02-23 47672]
R3 NVHDA;@oem26.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2017-02-10 217528]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys [2017-02-10 14516664]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-08-27 19576]
R3 nvvad_WaveExtensible;@oem23.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2015-08-11 50472]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 RTL8023x64;@netrtl64.inf,%Rtlnicx64.Service.DispName%;Realtek 10/100 NIC Family NDIS x64 Driver; C:\WINDOWS\System32\drivers\Rtnic64.sys [2016-07-16 51712]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-12-14 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2016-12-13 11922944]
S3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2016-12-13 359936]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-12-14 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S3 USBAAPL64;@oem13.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl64.sys [2016-03-28 54784]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Ovladač zvuků USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2016-07-16 132096]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2016-12-14 226816]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2016-12-13 238080]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 83768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CDPUserSvc_4d327;CDPUserSvc_4d327; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-08-27 1155192]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2013-06-28 84616]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-02-10 462784]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-08-27 1872504]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-08-27 5544568]
R2 OneSyncSvc_4d327;Hostitel synchronizace_4d327; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-11-28 10216688]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-07 1471168]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2017-01-19 651576]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-01-16 317400]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_4d327;Služba zasílání zpráv_4d327; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PimIndexMaintenanceSvc_4d327;Data kontaktů_4d327; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S3 UnistoreSvc_4d327;Úložiště uživatelských dat_4d327; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 UserDataSvc_4d327;Přístup k uživatelským datům_4d327; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119671
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: The browser's home page keeps changing

#8 Post by Rudy »

Rudy wrote: Now it's OK. Post the FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
This is RSIT, from which I cannot delete on Windows 10 without risking damage to the system. I need the FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

margot
Visitor
Posts: 13
Joined: 08 Mar 2017 19:32

Re: The browser's home page keeps changing

#9 Post by margot »

So hopefully this is the right one now.... I apologize...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Margotka (administrator) on DESKTOP-K5DSTCE (09-03-2017 20:28:11)
Running from C:\Users\Margotka\Desktop
Loaded Profiles: Margotka (Available Profiles: Margotka)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-12-14] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2016-12-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKU\S-1-5-21-1975653691-2592054781-435822119-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1975653691-2592054781-435822119-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1975653691-2592054781-435822119-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-1975653691-2592054781-435822119-1001\...\RunOnce: [Uninstall C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Margotka\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c23db387-3611-4887-97ad-be5dc243f825}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d1781e8f-bd02-41d7-8619-c3c8735a2cc1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1975653691-2592054781-435822119-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... 6686866868

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.cz/webhp?sourceid=chrome-ins ... 2&ie=UTF-8
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Prezentace Google) - C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-13]
CHR Extension: (Dokumenty Google) - C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-13]
CHR Extension: (Disk Google) - C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-13]
CHR Extension: (YouTube) - C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-13]
CHR Extension: (Tabulky Google) - C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-13]
CHR Extension: (Chrome Media Router) - C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmuda3; C:\WINDOWS\system32\drivers\cmudax3.sys [1155072 2016-12-15] (C-Media Inc)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-02-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-02-23] (Disc Soft Ltd)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys [14516664 2017-02-10] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2016-07-16] (Realtek Semiconductor Corporation )
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-01-16] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 20:28 - 2017-03-09 20:29 - 00013818 _____ C:\Users\Margotka\Desktop\FRST.txt
2017-03-09 20:27 - 2017-03-09 20:28 - 00000000 ____D C:\FRST
2017-03-09 20:26 - 2017-03-09 20:27 - 02423808 _____ (Farbar) C:\Users\Margotka\Desktop\FRST64.exe
2017-03-09 20:21 - 2017-03-09 20:21 - 00015327 _____ C:\Users\Margotka\Desktop\LM.bat
2017-03-09 20:20 - 2017-03-09 20:20 - 00112640 _____ (forum.viry.cz) C:\Users\Margotka\Desktop\FRSTLauncher (1).exe
2017-03-09 20:19 - 2017-03-09 20:21 - 00029696 _____ C:\Users\Margotka\AppData\Local\MSGBOX.EXE
2017-03-09 20:19 - 2017-03-09 20:19 - 00112640 _____ (forum.viry.cz) C:\Users\Margotka\Desktop\FRSTLauncher.exe
2017-03-09 15:25 - 2017-03-09 15:25 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-09 15:21 - 2017-03-09 15:21 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-03-09 04:22 - 2017-03-09 04:22 - 04031440 _____ C:\Users\Margotka\Desktop\adwcleaner_6.044.exe
2017-03-08 19:35 - 2017-03-09 19:36 - 00000000 ____D C:\Program Files\trend micro
2017-03-08 19:35 - 2017-03-08 19:35 - 01324032 _____ C:\Users\Margotka\Desktop\RSITx64.exe
2017-03-08 19:35 - 2017-03-08 19:35 - 00000000 ____D C:\rsit
2017-03-08 18:57 - 2017-03-08 19:12 - 03636216 _____ (Google) C:\Users\Margotka\Desktop\chrome_cleanup_tool (1).exe
2017-03-08 18:49 - 2017-03-08 19:12 - 00000000 _____ C:\WINDOWS\SysWOW64\2
2017-03-08 18:48 - 2017-03-08 19:12 - 03636216 _____ (Google) C:\Users\Margotka\chrome_cleanup_tool.exe
2017-03-08 17:38 - 2017-03-08 18:02 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-03-08 15:06 - 2017-03-09 19:30 - 00000000 ____D C:\AdwCleaner
2017-03-08 14:46 - 2017-03-08 14:46 - 00000000 ____D C:\Users\Margotka\Documents\aMule Downloads
2017-03-08 14:37 - 2017-03-08 14:37 - 00000390 _____ C:\WINDOWS\SysWOW64\data.bin
2017-03-08 14:37 - 2017-03-08 14:37 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-08 14:37 - 2017-03-08 14:37 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-08 05:07 - 2017-03-08 05:07 - 06926938 _____ C:\Users\Margotka\Desktop\myokard_den-zen_data.pdf
2017-03-07 18:08 - 2017-03-07 18:08 - 00000000 ____D C:\Program Files (x86)\{80CFB430-DE15-4807-A960-9B6DC8A815AC}
2017-03-07 16:55 - 2017-03-07 16:55 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-07 16:49 - 2017-03-09 15:24 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-07 16:49 - 2017-03-09 15:19 - 00034328 _____ (Sysinternals - http://www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-03-07 16:49 - 2017-03-07 16:49 - 00000000 ____D C:\Program Files (x86)\{B42440EF-D129-47A1-ACDA-6E562ECDD84B}
2017-03-03 11:36 - 2017-03-03 11:36 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-03 11:36 - 2017-03-03 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-03 11:35 - 2017-03-03 11:36 - 00000000 ____D C:\Program Files\iTunes
2017-03-03 11:35 - 2017-03-03 11:35 - 00000000 ____D C:\Program Files\iPod
2017-03-03 11:30 - 2017-03-03 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-02-24 08:28 - 2017-02-24 08:28 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2017-02-24 08:25 - 2017-02-24 08:25 - 00000000 ____D C:\Users\Margotka\AppData\LocalLow\Adobe
2017-02-24 08:25 - 2017-02-24 08:25 - 00000000 ____D C:\Users\Margotka\AppData\Local\CEF
2017-02-24 08:23 - 2017-02-24 08:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-24 08:23 - 2017-02-24 08:33 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-02-24 08:22 - 2017-02-24 08:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-24 08:21 - 2017-02-24 08:26 - 00000000 ____D C:\ProgramData\Adobe
2017-02-24 08:20 - 2017-02-24 08:25 - 00000000 ____D C:\Users\Margotka\AppData\Local\Adobe
2017-02-24 08:13 - 2017-02-24 08:13 - 00174277 _____ C:\Users\Margotka\Desktop\S.pdf
2017-02-23 17:45 - 2017-02-23 17:45 - 00000000 ____D C:\Users\Margotka\AppData\Local\Disc_Soft_Ltd
2017-02-23 17:12 - 2011-05-15 14:43 - 00000602 _____ C:\Users\Margotka\Desktop\Čti mě!.txt
2017-02-23 17:11 - 2011-05-15 14:20 - 602527744 _____ C:\Users\Margotka\Desktop\VX2HOEM_CS.iso
2017-02-23 17:10 - 2017-02-23 17:10 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-02-23 17:06 - 2017-02-23 17:12 - 00000000 ____D C:\Users\Margotka\AppData\Roaming\DAEMON Tools Lite
2017-02-23 17:06 - 2017-02-23 17:09 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-02-23 17:06 - 2017-02-23 17:06 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-02-23 17:06 - 2017-02-23 17:06 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-02-23 17:06 - 2017-02-23 17:06 - 00001814 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-02-23 17:06 - 2017-02-23 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-02-23 17:06 - 2017-02-23 17:06 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-02-23 16:40 - 2017-02-23 17:10 - 543562498 _____ C:\Users\Margotka\Desktop\Windows-XP_Home-Edition_SP2_32bit.-CZ+Key...Stiffler23.rar
2017-02-23 16:36 - 2017-02-26 12:31 - 00000000 ____D C:\Users\Margotka\.VirtualBox
2017-02-23 16:36 - 2017-02-23 16:36 - 00000000 ____D C:\Users\Margotka\VirtualBox VMs
2017-02-23 16:35 - 2017-02-23 16:35 - 00001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-02-23 16:35 - 2017-02-23 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-02-23 16:35 - 2017-02-23 16:35 - 00000000 ____D C:\Program Files\Oracle
2017-02-23 16:35 - 2017-01-16 17:38 - 00959720 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2017-02-23 16:35 - 2017-01-16 17:38 - 00149304 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2017-02-23 15:50 - 2017-02-23 15:50 - 00000000 ____D C:\Pharaoh
2017-02-21 18:36 - 2017-02-21 18:36 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-21 18:36 - 2017-02-09 23:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-21 18:36 - 2017-01-26 01:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-21 18:36 - 2017-01-26 01:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-21 18:36 - 2017-01-26 01:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-21 18:36 - 2017-01-26 01:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-21 18:35 - 2017-02-10 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-21 18:35 - 2017-02-09 23:57 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-21 18:35 - 2017-02-09 23:57 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-21 18:31 - 2017-02-21 18:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-21 18:29 - 2017-02-10 03:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-02-21 18:29 - 2017-02-10 03:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-02-21 18:29 - 2017-02-10 03:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-02-21 18:20 - 2017-02-21 18:20 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-21 18:20 - 2017-02-21 18:20 - 00000000 ____D C:\Users\Margotka\AppData\Local\NVIDIA Corporation
2017-02-21 18:20 - 2017-02-21 18:20 - 00000000 ____D C:\Users\Margotka\AppData\Local\NVIDIA
2017-02-21 18:20 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-02-21 18:20 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-02-21 18:20 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-02-21 18:20 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-02-21 18:19 - 2015-08-27 01:37 - 01423120 ____R (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-02-21 18:19 - 2015-08-27 01:37 - 01316000 ____R (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-02-21 18:19 - 2015-08-27 01:36 - 01756424 ____R (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-02-21 18:19 - 2015-08-27 01:36 - 01710568 ____R (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-02-21 18:19 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-02-21 18:19 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-02-21 18:18 - 2017-02-21 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-21 18:18 - 2015-08-11 05:52 - 00072504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-21 18:18 - 2015-08-11 05:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-21 18:18 - 2015-08-11 05:52 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-02-21 18:17 - 2017-03-09 19:26 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-21 18:17 - 2017-02-09 23:57 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-21 18:17 - 2017-02-09 23:57 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-21 18:17 - 2017-02-09 23:57 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-21 18:17 - 2017-02-09 23:57 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-21 18:17 - 2017-02-09 23:57 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-21 18:17 - 2017-02-09 23:57 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-21 18:16 - 2017-02-10 03:33 - 00512960 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-21 18:16 - 2017-02-10 03:33 - 00418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-21 18:16 - 2015-08-25 19:38 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435582.dll
2017-02-21 18:15 - 2015-08-25 19:38 - 01558648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435582.dll
2017-02-21 18:13 - 2017-02-21 18:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-21 18:13 - 2017-02-21 18:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-21 18:12 - 2017-02-10 03:33 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-21 18:12 - 2015-08-25 19:38 - 17932648 ____N (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2017-02-21 18:11 - 2017-02-10 03:33 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-21 18:11 - 2015-08-30 23:47 - 11188880 ____N (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-02-21 18:11 - 2015-08-25 19:38 - 12611824 ____N (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2017-02-21 18:09 - 2017-02-21 18:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-21 02:54 - 2017-02-21 02:55 - 01166812 _____ C:\WINDOWS\Minidump\022117-15703-01.dmp
2017-02-20 18:51 - 2017-02-20 18:51 - 00746940 _____ C:\WINDOWS\Minidump\022017-16312-01.dmp
2017-02-20 14:55 - 2017-02-20 14:56 - 00947172 _____ C:\WINDOWS\Minidump\022017-16609-01.dmp
2017-02-20 04:22 - 2017-02-20 04:23 - 00419548 _____ C:\WINDOWS\Minidump\022017-17125-01.dmp
2017-02-20 04:21 - 2017-02-20 04:21 - 00649660 _____ C:\WINDOWS\Minidump\022017-15453-01.dmp
2017-02-20 04:18 - 2017-02-20 04:18 - 00000000 _____ C:\WINDOWS\Minidump\022017-16046-01.dmp
2017-02-20 04:17 - 2017-02-20 04:17 - 00000000 _____ C:\WINDOWS\Minidump\022017-15562-01.dmp
2017-02-19 21:23 - 2017-02-19 21:24 - 00559196 _____ C:\WINDOWS\Minidump\021917-18656-01.dmp
2017-02-19 21:21 - 2017-02-19 21:22 - 00968044 _____ C:\WINDOWS\Minidump\021917-15453-01.dmp
2017-02-19 21:18 - 2017-02-19 21:18 - 01155292 _____ C:\WINDOWS\Minidump\021917-16671-01.dmp
2017-02-19 21:17 - 2017-02-19 21:17 - 01161076 _____ C:\WINDOWS\Minidump\021917-15234-01.dmp
2017-02-19 21:12 - 2017-02-19 21:12 - 01189812 _____ C:\WINDOWS\Minidump\021917-16609-01.dmp
2017-02-19 14:32 - 2017-02-19 14:33 - 00954988 _____ C:\WINDOWS\Minidump\021917-23171-01.dmp
2017-02-19 14:01 - 2017-02-19 14:01 - 00836652 _____ C:\WINDOWS\Minidump\021917-19265-01.dmp
2017-02-19 13:59 - 2017-02-19 13:59 - 00900860 _____ C:\WINDOWS\Minidump\021917-17203-01.dmp
2017-02-19 13:51 - 2017-02-19 13:52 - 00803052 _____ C:\WINDOWS\Minidump\021917-18468-01.dmp
2017-02-19 13:18 - 2017-02-19 13:19 - 00000000 ___RD C:\Users\Margotka\3D Objects
2017-02-19 12:59 - 2017-02-19 13:23 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-02-19 12:59 - 2017-02-19 12:59 - 00000000 ____D C:\Users\Default\AppData\Local\MicrosoftEdge
2017-02-19 12:59 - 2017-02-19 12:59 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-02-19 12:59 - 2017-02-19 12:59 - 00000000 ____D C:\Users\Default User\AppData\Local\MicrosoftEdge
2017-02-19 12:59 - 2017-02-19 12:59 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-02-19 12:58 - 2017-02-19 13:23 - 00000000 ____D C:\Users\Margotka\AppData\Roaming\Seznam.cz
2017-02-19 10:06 - 2017-02-19 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2017-02-19 10:06 - 2017-02-19 10:06 - 00000000 ____D C:\Program Files (x86)\HD Tune
2017-02-19 09:33 - 2017-02-19 09:34 - 01107212 _____ C:\WINDOWS\Minidump\021917-14703-01.dmp
2017-02-19 09:16 - 2017-02-19 09:17 - 00971892 _____ C:\WINDOWS\Minidump\021917-21796-01.dmp
2017-02-19 09:15 - 2017-02-19 09:15 - 00639996 _____ C:\WINDOWS\Minidump\021917-14046-01.dmp
2017-02-19 09:12 - 2017-02-19 09:12 - 00425740 _____ C:\WINDOWS\Minidump\021917-23328-01.dmp
2017-02-19 08:36 - 2017-02-19 08:36 - 00638612 _____ C:\WINDOWS\Minidump\021917-13390-01.dmp
2017-02-19 06:37 - 2017-02-19 06:37 - 00631852 _____ C:\WINDOWS\Minidump\021917-13859-01.dmp
2017-02-19 06:36 - 2017-02-19 06:36 - 00636964 _____ C:\WINDOWS\Minidump\021917-12968-01.dmp
2017-02-19 06:34 - 2017-02-19 06:34 - 00688964 _____ C:\WINDOWS\Minidump\021917-14265-01.dmp
2017-02-19 06:33 - 2017-02-19 06:33 - 00624796 _____ C:\WINDOWS\Minidump\021917-12703-01.dmp
2017-02-19 06:26 - 2017-02-19 06:26 - 00643092 _____ C:\WINDOWS\Minidump\021917-12828-01.dmp
2017-02-19 06:23 - 2017-02-21 02:54 - 261148167 _____ C:\WINDOWS\MEMORY.DMP
2017-02-19 06:23 - 2017-02-21 02:54 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-19 06:23 - 2017-02-19 06:23 - 00357084 _____ C:\WINDOWS\Minidump\021917-24828-01.dmp
2017-02-12 11:14 - 2017-02-12 11:14 - 00000000 ____D C:\Users\Margotka\AppData\Roaming\MPC-HC
2017-02-12 11:12 - 2017-02-12 11:12 - 00001152 _____ C:\Users\Public\Desktop\MPC-HC.lnk
2017-02-12 11:12 - 2017-02-12 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2017-02-12 11:12 - 2017-02-12 11:12 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2017-02-10 15:16 - 2017-02-23 15:53 - 00001372 _____ C:\Users\Public\Desktop\AT&T Special Offer.lnk
2017-02-10 15:15 - 2017-02-10 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Impressions Games
2017-02-09 18:03 - 2017-02-26 12:30 - 00000000 ____D C:\SIERRA
2017-02-09 17:19 - 2017-02-17 02:13 - 00000000 ____D C:\Users\Margotka\AppData\Roaming\Canon
2017-02-09 17:19 - 2017-02-09 17:19 - 00000000 ___HD C:\ProgramData\CanonIJQuickMenu
2017-02-09 17:18 - 2017-02-24 08:28 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-09 17:04 - 2017-02-09 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrace uživatele zařízení Canon iP2800 series
2017-02-09 17:04 - 2013-09-12 05:00 - 00394240 _____ (CANON INC.) C:\WINDOWS\system32\CNMXLMC1.DLL
2017-02-09 17:03 - 2017-02-09 17:03 - 00002094 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2017-02-09 17:03 - 2017-02-09 17:03 - 00000000 ____D C:\Users\Margotka\AppData\LocalLow\Canon Easy-WebPrint EX2
2017-02-09 17:03 - 2017-02-09 17:03 - 00000000 ____D C:\Users\Margotka\AppData\LocalLow\Canon Easy-WebPrint EX
2017-02-09 17:02 - 2017-02-09 17:02 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2017-02-09 16:59 - 2017-02-09 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-02-09 16:59 - 2017-02-09 17:03 - 00000000 ____D C:\Program Files\Canon
2017-02-09 16:59 - 2017-02-09 16:59 - 00002431 _____ C:\Users\Public\Desktop\Canon iP2800 series Elektronická příručka.lnk
2017-02-09 16:59 - 2017-02-09 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2800 series Manual
2017-02-09 16:58 - 2017-02-09 16:58 - 00000000 ___HD C:\Program Files\CanonBJ
2017-02-09 16:56 - 2017-02-09 17:03 - 00000000 ____D C:\Program Files (x86)\Canon
2017-02-09 16:53 - 2017-02-09 16:53 - 00000000 ___HD C:\ProgramData\CanonBJ
2017-02-09 16:52 - 2013-09-12 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMC1.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 20:28 - 2016-12-13 20:26 - 00000000 ____D C:\Users\Margotka\AppData\Roaming\Skype
2017-03-09 19:35 - 2016-12-14 04:37 - 00000000 ____D C:\Users\Margotka
2017-03-09 19:31 - 2016-12-13 18:59 - 02278560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 19:31 - 2016-07-16 23:25 - 00878648 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-09 19:31 - 2016-07-16 23:25 - 00219590 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-09 19:26 - 2016-12-14 04:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 19:25 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-03-09 18:50 - 2016-12-13 19:31 - 00001375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 16:34 - 2016-12-14 04:29 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 04:17 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 04:17 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 04:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-08 18:48 - 2016-12-13 19:29 - 00000000 ____D C:\Users\Margotka\AppData\Local\Google
2017-03-08 14:49 - 2016-12-13 18:57 - 00000000 ____D C:\Users\Margotka\AppData\Local\Packages
2017-03-03 11:35 - 2017-01-02 10:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-28 09:31 - 2016-12-13 20:08 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-26 12:35 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-24 08:25 - 2016-12-13 18:57 - 00000000 ____D C:\Users\Margotka\AppData\Roaming\Adobe
2017-02-23 20:02 - 2016-12-13 20:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 20:02 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-23 19:59 - 2016-12-13 20:04 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 17:06 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-23 15:53 - 2017-02-04 20:03 - 00000541 _____ C:\WINDOWS\SIERRA.INI
2017-02-23 15:50 - 2017-02-04 20:04 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2017-02-22 18:08 - 2016-12-14 05:02 - 00003296 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 18:08 - 2016-12-13 19:00 - 00002396 _____ C:\Users\Margotka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 18:08 - 2016-12-13 19:00 - 00000000 ___RD C:\Users\Margotka\OneDrive
2017-02-21 18:17 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2017-02-19 12:26 - 2016-12-13 18:57 - 00000000 ____D C:\Users\Margotka\AppData\Local\VirtualStore
2017-02-10 04:08 - 2016-12-13 20:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-10 04:08 - 2016-12-13 20:26 - 00000000 ____D C:\ProgramData\Skype
2017-02-10 03:33 - 2017-01-04 15:19 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-02-10 03:33 - 2017-01-04 15:19 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-02-10 03:33 - 2017-01-04 10:07 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-08 19:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2017-03-09 20:19 - 2017-03-09 20:21 - 0029696 _____ () C:\Users\Margotka\AppData\Local\MSGBOX.EXE

Files to move or delete:
====================
C:\Users\Margotka\chrome_cleanup_tool.exe


Some files in TEMP:
====================
2017-02-09 16:56 - 2013-08-27 02:55 - 1042512 ____N (CANON INC.) C:\Users\Margotka\AppData\Local\Temp\MSETUP4.EXE
2017-02-21 18:18 - 2015-08-25 15:19 - 1174968 _____ (NVIDIA Corporation) C:\Users\Margotka\AppData\Local\Temp\nvSCPAPI.dll
2017-02-21 18:18 - 2015-08-25 15:19 - 1370144 _____ (NVIDIA Corporation) C:\Users\Margotka\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-21 18:30 - 2015-08-25 15:18 - 0785528 _____ (NVIDIA Corporation) C:\Users\Margotka\AppData\Local\Temp\nvStInst.exe
2017-02-19 13:23 - 2017-02-19 13:23 - 0534528 _____ () C:\Users\Margotka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-03 11:40

==================== End of FRST.txt ============================
Attachments
Addition.zip
(7.3 KiB) Downloaded 122 times

Rudy
Site Admin
Posts: 119671
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: The browser home page keeps changing

#10 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
Edge HomeButtonPage: HKU\S-1-5-21-1975653691-2592054781-435822119-1001 -> hxxp://www.startpageing123.com/?type=hp ... 6686866868
C:\Users\Margotka\chrome_cleanup_tool.exe
C:\Users\Margotka\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

margot
Visitor
Posts: 13
Joined: 08 Mar 2017 19:32

Re: The browser home page keeps changing

#11 Post by margot »

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Margotka (09-03-2017 21:17:35) Run:1
Running from C:\Users\Margotka\Desktop
Loaded Profiles: Margotka (Available Profiles: Margotka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
Edge HomeButtonPage: HKU\S-1-5-21-1975653691-2592054781-435822119-1001 -> hxxp://www.startpageing123.com/?type=hp ... 6686866868
C:\Users\Margotka\chrome_cleanup_tool.exe
C:\Users\Margotka\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1975653691-2592054781-435822119-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => value removed successfully
C:\Users\Margotka\chrome_cleanup_tool.exe => moved successfully

"C:\Users\Margotka\AppData\Local\Temp" folder move:

Could not move "C:\Users\Margotka\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32925144 B
Java, Flash, Steam htmlcache => 714 B
Windows/system/drivers => 288703208 B
Edge => 28604443 B
Chrome => 892262681 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7072 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 11822720 B
LocalService => 0 B
NetworkService => 1198 B
Margotka => 1167651398 B

RecycleBin => 663739346 B
EmptyTemp: => 2.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-03-2017 21:22:32)

C:\Users\Margotka\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:22:35 ====

Rudy
Site Admin
Posts: 119671
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: The browser home page keeps changing

#12 Post by Rudy »

Deleted. Has anything changed?

margot
Visitor
Posts: 13
Joined: 08 Mar 2017 19:32

Re: The browser home page keeps changing

#13 Post by margot »

Chrome looks fine. But when I try to launch Microsoft Edge (not that it is used, just a test), the page that used to pop up in Chrome opens again, and AdwCleaner reports 1 threat:

# AdwCleaner v6.044 - Log vytvořen 10/03/2017 v 04:35:15
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-09.3 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Margotka - DESKTOP-K5DSTCE
# Spuštěno z : C:\Users\Margotka\Desktop\adwcleaner_6.044.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Nebyly nalezeny žádné škodlivé položky registru.


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6751 Bajty] - [09/03/2017 18:50:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [1395 Bajty] - [09/03/2017 19:25:19]
C:\AdwCleaner\AdwCleaner[C3].txt - [1735 Bajty] - [10/03/2017 04:23:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [8499 Bajty] - [09/03/2017 04:24:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [8853 Bajty] - [09/03/2017 18:50:08]
C:\AdwCleaner\AdwCleaner[S2].txt - [1694 Bajty] - [09/03/2017 19:24:44]
C:\AdwCleaner\AdwCleaner[S3].txt - [1840 Bajty] - [09/03/2017 19:30:39]
C:\AdwCleaner\AdwCleaner[S4].txt - [1974 Bajty] - [10/03/2017 04:20:37]
C:\AdwCleaner\AdwCleaner[S5].txt - [1907 Bajty] - [10/03/2017 04:35:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1980 Bajty] ##########

Rudy
Site Admin
Posts: 119671
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: The browser home page keeps changing

#14 Post by Rudy »

Please also try these scans:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the fix, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup will be created, followed by the search
•The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

margot
Visitor
Posts: 13
Joined: 08 Mar 2017 19:32

Re: The browser home page keeps changing

#15 Post by margot »

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Margotka on 10.03.2017 at 18:02:52,28.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Margotka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.03.2017 18:04:53 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Seznam.cz deleted successfully
C:\Program Files\AMD deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~2\psconvert deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\tasks\WinZip Update Notifier deleted
C:\windows\SysNative\tasks\WinZipBackGroundToolsTask deleted
C:\Users\Margotka\AppData\Local\MSGBOX.EXE deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================


Seznam Lištička - Email - Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Seznam Lištička - Rychlá volba - Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
Chrome Media Router - Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Margotka\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Margotka\AppData\Local\Microsoft\Windows\INetCache\IE\5MRFLHMJ will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=16 14777955 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Margotka\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Margotka\AppData\Local\Microsoft\Windows\INetCache\IE\5MRFLHMJ" not found

==== EOF on 10.03.2017 at 18:27:20,58 ======================



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Home x64
Ran by Margotka (Administrator) on 10.03.2017 at 18:31:37,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder)
Successfully deleted: C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage-journal (File)
Successfully deleted: C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage (File)
Successfully deleted: C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage-journal (File)
Successfully deleted: C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage (File)
Successfully deleted: C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage-journal (File)
Successfully deleted: C:\Users\Margotka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.03.2017 at 18:39:27,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Locked