Log check

#1 Post by veteran13 »

Hello,

I'd like to ask for a log check. Yesterday I downloaded the program SUPER (out of nostalgia; I used to use it and liked it), and Avast started screaming already during the installation. After that I scanned the computer with Malwarebytes, which deleted some things, and then the computer worked normally. After a while Avast popped up a message that the program msiexec.exe wanted to download something from here:
so I'm afraid something was left behind, because several more windows with ads popped up in Chrome after I launched it. I also tried scanning with Avast, which found nothing, and just now with AdwCleaner, which found something (log attached).
Sorry for the long text :)
Thanks for the help
Lukáš

Log from RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by veteran at 2017-04-02 20:16:04
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 127 GB (55%) free of 229 GB
Total RAM: 8136 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:08, on 2.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-dashboard\eds-launcher.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe
C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
C:\Program Files\trend micro\veteran.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: PDF Architect 5 Helper - {AEA429F3-D2D4-4BD7-A03E-5357DA017733} - C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKCU\..\Run: [Kaspersky Software Updater] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe" ksu autorun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Startup: EasyPHP Devserver 16.1.1.lnk = C:\Program Files (x86)\EasyPHP-Devserver-16.1\run-easyphp-devserver.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Služba Kaspersky Security Scan (kss) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: Služba KSU (ksu) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
O23 - Service: Autodesk Simulation Moldflow MITSI 2017 Job Manager (mitsijm2017) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: PDF Architect 5 - pdfforge GmbH - C:\Program Files\PDF Architect 5\ws.exe
O23 - Service: PDF Architect 5 CrashHandler - pdfforge GmbH - C:\Program Files\PDF Architect 5\crash-handler-ws.exe
O23 - Service: PDF Architect 5 Creator - pdfforge GmbH - C:\Program Files\PDF Architect 5\creator-ws.exe
O23 - Service: PDF Architect 5 Manager - © pdfforge GmbH. - C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RepetierServer - Unknown owner - E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12147 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe"
"C:\Program Files\PDF Architect 5\creator-ws.exe"
"C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe"
"E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
AvastUI.exe /nogui
"C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files\Rainmeter\Rainmeter.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\AdwCleaner\AdwCleaner[C0].txt
eds-dashboard/eds-launcher.exe
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:847ba3b8-de6c-40e0-8206-51450061a8ec -target-handle:156 -target-shutdown-event:152 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -method:collectupload
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"..\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe"
\??\C:\Windows\system32\conhost.exe "4662274584284398651222661970-299142046-14382831814946205411754261366-534054149
"C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe" -d "C:/Program Files (x86)/EasyPHP-Devserver-16.1/eds-binaries/httpserver/apache2418vc11x86x170203122125"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="5808.5.1705871249\1400242158" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 5808 "\\.\pipe\gecko-crash-server-pipe.5808" tab
C:\Windows\system32\msiexec.exe /V
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=renderer --disable-gpu-compositing --disable-pinch --no-sandbox --lang=en-US --lang=en-US --log-file="C:\Users\veteran\AppData\Roaming\AVAST Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36 Avastium (17.3.2291)" --proxy-auto-detect --disable-webaudio --mute-audio --force-wave-audio --disable-gpu --disable-software-rasterizer --no-sandbox --disable-webgl --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3720.0.1949935769\366763195" /prefetch:1
taskeng.exe {0ECE8BE9-8D70-4F40-94F3-E51D49689802}

"C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\AVAST Software\Avast\report\WebShield_zaloha.txt
taskeng.exe {216B88C0-19CD-4744-90FE-F7336F9EFC55}
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\veteran\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://127.0.0.1:8080/main_page.php"

"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default\searchplugins\
googletranslate.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-06 213704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-31 895528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-06 659232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06 3002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-06 150728]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-09 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-31 773920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEA429F3-D2D4-4BD7-A03E-5357DA017733}]
PDF Architect 5 Helper - C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll [2017-02-10 43400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-06 445216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-06 2032432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-09 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{84F23192-A475-4038-B5C0-8584777F2DF4} - PDF Architect 5 Toolbar - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll [2017-02-10 553352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-03-31 213824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe [2016-12-06 1024240]
"Spotify Web Helper"=C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-03-25 1446000]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
"KSS"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
"Kaspersky Software Updater"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [2016-11-26 1565000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"=C:\Windows\system32\cmd.exe [2010-11-21 345088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\veteran\AppData\Local\Akamai\netsession_win.exe [2017-01-03 4490200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Desktop App]
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [2016-07-01 721856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-02 4701888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\Eraser.exe [2016-08-28 1074600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2017-03-21 23819304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\veteran\AppData\Roaming\Spotify\Spotify.exe [2017-03-25 7089776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-03-25 1446000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\veteran\AppData\Roaming\uTorrent\uTorrent.exe [2017-03-17 2147520]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2017-03-21 28065728]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

C:\Users\veteran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EasyPHP Devserver 16.1.1.lnk - C:\Program Files (x86)\EasyPHP-Devserver-16.1\run-easyphp-devserver.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2017-04-02 20:16:04 ----D---- C:\rsit
2017-04-02 20:16:04 ----D---- C:\Program Files\trend micro
2017-04-02 19:54:41 ----D---- C:\FRST
2017-04-02 19:50:52 ----D---- C:\AdwCleaner
2017-04-02 19:32:20 ----D---- C:\ProgramData\Kaspersky Lab
2017-04-02 19:32:20 ----D---- C:\Program Files (x86)\Kaspersky Lab
2017-04-02 19:31:35 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2017-04-02 17:23:57 ----A---- C:\Windows\ntbtlog.txt
2017-04-02 12:19:49 ----A---- C:\Windows\wininit.ini
2017-03-31 23:25:53 ----A---- C:\Windows\system32\aswBoot.exe
2017-03-31 22:52:09 ----D---- C:\Users\veteran\AppData\Roaming\Profiles
2017-03-31 22:44:17 ----D---- C:\Users\veteran\AppData\Roaming\GetRightToGo
2017-03-31 22:42:07 ----D---- C:\ProgramData\DigitalWave.ApplicationUpdater_files
2017-03-31 22:19:47 ----D---- C:\Users\veteran\AppData\Roaming\Mp3tag
2017-03-31 14:49:58 ----D---- C:\Users\veteran\AppData\Roaming\DataRecommendations
2017-03-19 13:29:34 ----D---- C:\ProgramData\Repetier-Server
2017-03-19 13:21:59 ----D---- C:\Users\veteran\AppData\Roaming\PSpad
2017-03-19 11:45:01 ----D---- C:\Users\veteran\AppData\Roaming\Slic3r
2017-03-18 21:39:51 ----SD---- C:\Windows\SYSWOW64\Microsoft
2017-03-15 14:36:11 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-03-15 14:36:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-03-15 14:36:11 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\win32k.sys
2017-03-15 14:36:11 ----A---- C:\Windows\system32\schannel.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\rpcrt4.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-03-15 14:36:11 ----A---- C:\Windows\system32\ntdll.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\msxml3.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\lsasrv.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\kerberos.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\DWrite.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\advapi32.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\WcsPlugInService.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\usp10.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\mscms.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\icm32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wow64win.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wow64cpu.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wow64.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\winsrv.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wdigest.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\WcsPlugInService.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\usp10.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\TSpkg.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\sspisrv.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\sspicli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\srcore.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\srclient.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\smss.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\secur32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\rstrui.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\rpchttp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\quartz.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\ntvdm64.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\ncrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\msv1_0.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\mscms.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\msaudite.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\lsass.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\KernelBase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\kernel32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\inetcomm.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\icm32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\gdi32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\FntCache.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\srv.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\appid.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\csrsrv.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\cryptbase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\credssp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\conhost.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\certcli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\bcrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\auditpol.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidsvc.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidapi.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\adtschema.dll
2017-03-15 14:36:10 ----A---- C:\Windows\HelpPane.exe
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\user.exe
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\msxml3r.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\msobjs.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\INETRES.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-03-15 14:36:09 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-03-15 14:36:09 ----A---- C:\Windows\system32\apisetschema.dll
2017-03-15 14:35:26 ----A---- C:\Windows\system32\generaltel.dll
2017-03-15 14:35:26 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-03-15 14:35:26 ----A---- C:\Windows\system32\appraiser.dll
2017-03-15 14:35:26 ----A---- C:\Windows\system32\aeinv.dll
2017-03-11 01:17:46 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2017-03-11 01:17:46 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2017-03-11 01:17:46 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2017-03-11 01:17:46 ----A---- C:\Windows\system32\DbxSvc.exe
2017-03-10 17:07:12 ----D---- C:\Users\veteran\AppData\Roaming\Subversion
2017-03-10 17:04:59 ----D---- C:\Users\veteran\AppData\Roaming\MathWorks
2017-03-09 13:20:24 ----D---- C:\Users\veteran\AppData\Roaming\Sun
2017-03-09 13:20:20 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2017-03-09 13:20:07 ----D---- C:\Program Files (x86)\Java
2017-03-09 13:17:57 ----D---- C:\Users\veteran\AppData\Roaming\Arduino15
2017-03-09 13:01:48 ----A---- C:\Windows\system32\drivers\CH341S64.SYS
2017-03-09 12:51:40 ----D---- C:\ProgramData\Oracle
2017-03-09 01:28:11 ----D---- C:\Users\veteran\AppData\Roaming\Spotify
2017-03-04 13:52:36 ----D---- C:\ProgramData\pdfforge
2017-03-04 13:52:26 ----D---- C:\Users\veteran\AppData\Roaming\PDF Architect 5
2017-03-04 13:51:51 ----D---- C:\Program Files\PDF Architect 5
2017-03-04 13:51:51 ----D---- C:\Program Files (x86)\PDF Architect 5
2017-03-04 13:51:28 ----D---- C:\ProgramData\PDF Architect 5
2017-03-04 13:51:27 ----A---- C:\Windows\system32\pdfcmon.dll
2017-03-04 13:51:21 ----D---- C:\Program Files\PDFCreator

======List of files/folders modified in the last 1 month======

2017-04-02 20:16:04 ----RD---- C:\Program Files
2017-04-02 20:13:33 ----D---- C:\Windows\Temp
2017-04-02 20:09:14 ----D---- C:\Windows\System32
2017-04-02 20:09:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-02 20:03:15 ----D---- C:\ProgramData\NVIDIA
2017-04-02 20:02:48 ----D---- C:\Windows\system32\config
2017-04-02 20:02:25 ----RD---- C:\Program Files (x86)
2017-04-02 20:02:25 ----D---- C:\Windows\system32\Tasks
2017-04-02 19:55:10 ----D---- C:\Windows
2017-04-02 19:32:31 ----SHD---- C:\Windows\Installer
2017-04-02 19:32:20 ----HD---- C:\ProgramData
2017-04-02 19:23:24 ----D---- C:\Program Files (x86)\Adobe
2017-04-02 19:23:05 ----D---- C:\Users\veteran\AppData\Roaming\Adobe
2017-04-02 19:23:05 ----D---- C:\ProgramData\Adobe
2017-04-02 17:36:27 ----D---- C:\Windows\inf
2017-04-02 12:24:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-04-02 12:24:31 ----SHD---- C:\System Volume Information
2017-04-02 12:21:33 ----D---- C:\Program Files (x86)\Common Files
2017-04-02 12:21:05 ----D---- C:\Windows\system32\drivers
2017-04-02 12:19:50 ----SD---- C:\ProgramData\Microsoft
2017-04-01 12:35:12 ----D---- C:\Program Files\Common Files\AV
2017-03-31 23:14:39 ----D---- C:\Windows\system32\NDF
2017-03-31 23:02:15 ----D---- C:\Users\veteran\AppData\Roaming\uTorrent
2017-03-31 22:47:42 ----D---- C:\Users\veteran\AppData\Roaming\vlc
2017-03-31 22:18:02 ----D---- C:\Windows\SysWOW64
2017-03-29 14:30:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 14:30:41 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-03-28 17:51:57 ----D---- C:\Windows\system32\wdi
2017-03-24 20:54:30 ----D---- C:\Program Files (x86)\Dropbox
2017-03-22 14:22:52 ----D---- C:\Program Files (x86)\Microsoft Office
2017-03-21 22:15:56 ----D---- C:\Windows\Microsoft.NET
2017-03-21 21:44:21 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2017-03-18 21:44:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-03-18 21:44:22 ----D---- C:\Windows\system32\Macromed
2017-03-18 21:44:19 ----D---- C:\Windows\SYSWOW64\Macromed
2017-03-16 00:55:38 ----D---- C:\Windows\rescache
2017-03-15 14:49:01 ----D---- C:\Windows\winsxs
2017-03-15 14:48:12 ----D---- C:\Windows\SYSWOW64\migration
2017-03-15 14:48:12 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-03-15 14:48:12 ----D---- C:\Windows\system32\migration
2017-03-15 14:48:12 ----D---- C:\Windows\system32\en-US
2017-03-15 14:48:12 ----D---- C:\Windows\system32\cs-CZ
2017-03-15 14:48:12 ----D---- C:\Windows\system32\Boot
2017-03-15 14:48:12 ----D---- C:\Windows\AppPatch
2017-03-15 14:38:18 ----D---- C:\Windows\system32\MRT
2017-03-15 14:37:04 ----AC---- C:\Windows\system32\MRT.exe
2017-03-15 14:36:26 ----D---- C:\Windows\system32\appraiser
2017-03-15 14:35:44 ----D---- C:\Windows\system32\catroot2
2017-03-10 17:03:24 ----RSD---- C:\Windows\assembly
2017-03-10 17:03:23 ----SD---- C:\Users\veteran\AppData\Roaming\Microsoft
2017-03-10 08:50:28 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2017-03-09 13:53:44 ----D---- C:\Windows\system32\DriverStore
2017-03-09 00:02:39 ----D---- C:\Games
2017-03-05 22:10:12 ----D---- C:\Autodesk
2017-03-04 13:46:44 ----D---- C:\Users\veteran\AppData\Roaming\Autodesk
2017-03-04 13:46:44 ----D---- C:\ProgramData\Autodesk

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-03-31 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-03-31 334088]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-03-31 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-03-31 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-03-31 339696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-03-31 307736]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-03-31 32600]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-03-31 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-03-31 1005048]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-03-31 556784]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-03-31 127112]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-03-31 164064]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2017-02-03 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2017-02-03 47672]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2017-01-24 217528]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2016-08-23 1035272]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-03-31 38296]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 CH341SER_A64;CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [2015-01-26 59904]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB RS-232 Emulation Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdAppMgrSvc;Autodesk Desktop App Service; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [2016-07-01 1295376]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-03-31 261712]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-03-05 3736776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2017-03-11 46408]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 mitsijm2017;Autodesk Simulation Moldflow MITSI 2017 Job Manager; C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [2015-08-04 967456]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-01-20 464440]
R2 PDF Architect 5 Creator;PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [2017-02-10 856976]
R2 PDF Architect 5 Manager;PDF Architect 5 Manager; C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [2017-02-01 985904]
R2 RepetierServer;RepetierServer; E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe [2016-12-08 5970792]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-03-31 7398336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31 153752]
S2 kss;Služba Kaspersky Security Scan; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-18 271960]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03 143144]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-02 1471168]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2017-02-03 1591264]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31 153752]
S3 ksu;Služba KSU; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [2016-11-26 1565000]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-03-28 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-03-05 207056]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2016-12-27 5132888]
S3 PDF Architect 5 CrashHandler;PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [2017-02-10 1048976]
S3 PDF Architect 5;PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2017-02-10 2706824]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-01-31 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

AdwCleaner log:

# AdwCleaner v6.045 - Log vytvořen 02/04/2017 v 20:02:27
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-04-01.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : veteran - VETERAN-PC
# Spuštěno z : D:\Download\adwcleaner_6.045.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Program Files (x86)\Stumogeqebut


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Conrystolisp


***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-871744448-797879700-811612399-1000\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\msServer
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1185 Bajty] - [02/04/2017 20:02:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [1578 Bajty] - [02/04/2017 19:57:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1331 Bajty] ##########

veteran13
Visitor
Posts: 6
Registered: 02 Apr 2017 18:58

Re: Log check

#2 Post by veteran13 »

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by veteran (administrator) on VETERAN-PC (02-04-2017 19:54:47)
Running from C:\Users\veteran\Desktop
Loaded Profiles: veteran (Available Profiles: veteran)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Flux Software LLC) C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Aestan Software) C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-dashboard\eds-launcher.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apache Software Foundation) C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Apache Software Foundation) C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 5\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
() E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2017\Bin\Inventor.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\CLM\V3\MSVC14\cliccore\acwebbrowser.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\CLM\V3\MSVC14\cliccore\acwebbrowser.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\CLM\V3\MSVC14\cliccore\acwebbrowser.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Node.js) C:\Program Files\Autodesk\Desktop Connect\forever\node.exe
(Node.js) C:\Program Files\Autodesk\Desktop Connect\forever\node.exe
(Autodesk) C:\Program Files\Autodesk\Inventor 2017\Bin\Bin32\AcWebBrowser.exe
(Autodesk) C:\Program Files\Autodesk\Inventor 2017\Bin\Bin32\AcWebBrowser.exe
(Autodesk) C:\Program Files\Autodesk\Inventor 2017\Bin\Bin32\AcWebBrowser.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\CLM\V3\MSVC14\cliccore\acwebbrowser.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\CLM\V3\MSVC14\cliccore\acwebbrowser.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\CLM\V3\MSVC14\cliccore\acwebbrowser.exe
(Spotify Ltd) C:\Users\veteran\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\veteran\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\veteran\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\veteran\AppData\Roaming\Spotify\Spotify.exe
() D:\Download\adwcleaner_6.045.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(forum.viry.cz) C:\Users\veteran\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-03-31] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-871744448-797879700-811612399-1000\...\Run: [f.lux] => C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-871744448-797879700-811612399-1000\...\Run: [Spotify Web Helper] => C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-25] (Spotify Ltd)
HKU\S-1-5-21-871744448-797879700-811612399-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-871744448-797879700-811612399-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-871744448-797879700-811612399-1000\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-21-871744448-797879700-811612399-1000\...\RunOnce: [Uninstall C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-871744448-797879700-811612399-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-31] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-31] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\Users\veteran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasyPHP Devserver 16.1.1.lnk [2017-02-04]
ShortcutTarget: EasyPHP Devserver 16.1.1.lnk -> C:\Program Files (x86)\EasyPHP-Devserver-16.1\run-easyphp-devserver.exe ()
Startup: C:\Users\veteran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-02-03]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{D68B2ED6-B282-47B2-B414-FE56AB6C24E7}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-871744448-797879700-811612399-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-31] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-09] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-31] (AVAST Software)
BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll [2017-02-10] (pdfforge GmbH)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-09] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll [2017-02-10] (pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 4z7411bc.default
FF ProfilePath: C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default [2017-04-02]
FF Homepage: Mozilla\Firefox\Profiles\4z7411bc.default -> hxxp://127.0.0.1:8080/main_page.php
FF Extension: (Ghostery) - C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default\Extensions\firefox@ghostery.com.xpi [2017-02-12]
FF Extension: (Adblock Plus) - C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Site Deployment Checker) - C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default\features\{842cce0c-5570-4b29-94a1-6dc6b4db0655}\deployment-checker@mozilla.org.xpi [2017-03-26]
FF SearchPlugin: C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default\searchplugins\googletranslate.xml [2015-05-05]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-28] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-31]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-31]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Default [2017-04-02]
CHR Extension: (Avast Online Security) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-31]
CHR Profile: C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-02]
CHR Extension: (Prezentace Google) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-01]
CHR Extension: (Dokumenty Google) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-01]
CHR Extension: (Disk Google) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-01]
CHR Extension: (YouTube) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-01]
CHR Extension: (Avast SafePrice) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-01]
CHR Extension: (Tabulky Google) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-02]
CHR Extension: (Avast Online Security) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01]
CHR Extension: (Gmail) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\veteran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]
CHR HKU\S-1-5-21-871744448-797879700-811612399-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-03-31] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-03-31] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-02] (Disc Soft Ltd)
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 mitsijm2017; C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [967456 2015-08-04] (Autodesk, Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2706824 2017-02-10] (pdfforge GmbH)
S3 PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [1048976 2017-02-10] (pdfforge GmbH)
R2 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [856976 2017-02-10] (pdfforge GmbH)
R2 PDF Architect 5 Manager; C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985904 2017-02-01] (© pdfforge GmbH.)
R2 RepetierServer; E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe [5970792 2016-12-08] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-03-31] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-31] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-03-31] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-31] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-03-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-03-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-03-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-03-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-03-31] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-03-31] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-03-31] (AVAST Software)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [59904 2015-01-26] (www.winchiphead.com)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-03] (Disc Soft Ltd)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-02 19:54 - 2017-04-02 19:54 - 00029696 _____ C:\Users\veteran\AppData\Local\MSGBOX.EXE
2017-04-02 19:54 - 2017-04-02 19:54 - 00027619 _____ C:\Users\veteran\Desktop\FRST.txt
2017-04-02 19:54 - 2017-04-02 19:54 - 00015327 _____ C:\Users\veteran\Desktop\LM.bat
2017-04-02 19:54 - 2017-04-02 19:54 - 00000000 ____D C:\FRST
2017-04-02 19:54 - 2017-04-02 19:53 - 00112640 _____ (forum.viry.cz) C:\Users\veteran\Desktop\FRSTLauncher.exe
2017-04-02 19:54 - 2017-04-02 19:52 - 02424832 _____ (Farbar) C:\Users\veteran\Desktop\FRST64.exe
2017-04-02 19:50 - 2017-04-02 19:50 - 00000000 ____D C:\AdwCleaner
2017-04-02 19:32 - 2017-04-02 19:32 - 00001237 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-04-02 19:32 - 2017-04-02 19:32 - 00001055 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2017-04-02 19:32 - 2017-04-02 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-04-02 19:32 - 2017-04-02 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2017-04-02 19:32 - 2017-04-02 19:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-04-02 19:32 - 2017-04-02 19:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-04-02 19:31 - 2017-04-02 19:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-04-02 17:23 - 2017-04-02 17:29 - 00154280 _____ C:\Windows\ntbtlog.txt
2017-04-02 12:19 - 2017-04-02 12:19 - 00000085 _____ C:\Windows\wininit.ini
2017-04-02 11:44 - 2017-04-02 11:44 - 00000000 ____D C:\Users\veteran\Documents\ProcAlyzer Dumps
2017-04-01 12:35 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-04-01 12:22 - 2017-04-01 12:22 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-03-31 23:25 - 2017-03-31 23:25 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-31 22:52 - 2017-03-31 23:20 - 00000000 ____D C:\Program Files (x86)\Stumogeqebut
2017-03-31 22:52 - 2017-03-31 22:52 - 00005084 _____ C:\Windows\System32\Tasks\Conrystolisp
2017-03-31 22:52 - 2017-03-31 22:52 - 00000000 ____D C:\Users\veteran\AppData\Local\Terisevik
2017-03-31 22:44 - 2017-04-01 11:38 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-03-31 22:44 - 2017-03-31 22:44 - 00000000 ____D C:\Users\veteran\AppData\Roaming\GetRightToGo
2017-03-31 22:42 - 2017-03-31 22:42 - 00000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2017-03-31 22:19 - 2017-03-31 22:35 - 00000000 ____D C:\Users\veteran\AppData\Roaming\Mp3tag
2017-03-31 22:18 - 2017-03-31 22:17 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2017-03-31 22:16 - 2017-03-31 22:16 - 00003098 _____ C:\Windows\System32\Tasks\{017EF233-61E5-40D2-BC57-9FC91FE9CA7C}
2017-03-31 22:16 - 2017-03-31 22:16 - 00000000 ____D C:\Users\veteran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2017-03-31 22:16 - 2017-03-31 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2017-03-31 22:14 - 2017-03-31 22:14 - 00000698 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2017-03-31 22:14 - 2017-03-31 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2017-03-31 14:49 - 2017-03-31 14:49 - 00000000 ____D C:\Users\veteran\AppData\Roaming\DataRecommendations
2017-03-31 14:49 - 2017-03-31 14:49 - 00000000 ____D C:\Users\veteran\AppData\Local\Microsoft_Corporation
2017-03-31 13:29 - 2017-03-31 13:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-03-31 13:29 - 2017-03-31 13:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-03-26 22:40 - 2017-03-26 22:38 - 06496287 _____ C:\Users\veteran\Desktop\Prezentace_1.pptx
2017-03-24 20:54 - 2017-03-24 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-19 13:29 - 2017-03-19 13:29 - 00000000 ____D C:\ProgramData\Repetier-Server
2017-03-19 13:29 - 2017-03-19 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repetier-Server
2017-03-19 13:28 - 2017-03-19 13:30 - 00000000 ____D C:\Users\veteran\AppData\Local\RepetierHost
2017-03-19 13:28 - 2017-03-19 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repetier-Host
2017-03-19 13:21 - 2017-03-19 13:23 - 00000000 ____D C:\Users\veteran\AppData\Roaming\PSpad
2017-03-19 13:14 - 2017-04-02 12:20 - 00000000 ____D C:\Users\veteran\AppData\Local\CrashDumps
2017-03-19 11:45 - 2017-03-19 11:45 - 00000000 ____D C:\Users\veteran\AppData\Roaming\Slic3r
2017-03-18 21:44 - 2017-03-18 21:44 - 00004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-18 10:23 - 2017-03-18 10:23 - 00027150 _____ C:\Users\veteran\Desktop\blabla.dxf
2017-03-15 14:36 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 14:36 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 14:36 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 14:36 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 14:36 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 14:36 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 14:36 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 14:36 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 14:36 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 14:36 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 14:36 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 14:36 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 14:36 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 14:36 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 14:36 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 14:36 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 14:36 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 14:36 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 14:36 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 14:36 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 14:36 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 14:36 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 14:36 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 14:36 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 14:36 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 14:36 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 14:36 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 14:36 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 14:36 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 14:36 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 14:36 - 2017-02-09 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 14:36 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 14:36 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 14:36 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 14:36 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 14:36 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 14:36 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 14:36 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 14:36 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 14:36 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 14:36 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 14:36 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 14:36 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 14:36 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 14:36 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 14:36 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 14:36 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 14:36 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 14:36 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 14:35 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 14:35 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 14:35 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 14:35 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-12 22:23 - 2017-03-12 22:28 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-12 22:23 - 2017-03-12 22:23 - 00000000 ____D C:\Users\veteran\AppData\LocalLow\Adobe
2017-03-12 22:22 - 2017-03-12 22:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-12 22:22 - 2017-03-12 22:22 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-03-12 22:19 - 2017-03-12 22:19 - 00000000 ____D C:\Users\veteran\AppData\Local\Anark_Corporation
2017-03-12 22:18 - 2017-03-12 22:18 - 00000000 ____D C:\Users\veteran\AppData\Local\Anark
2017-03-11 21:03 - 2017-03-11 21:34 - 00000000 ____D C:\Users\veteran\Desktop\OldVersions
2017-03-11 21:02 - 2017-03-11 21:43 - 00016381 ____H C:\Users\veteran\Desktop\lockfile.lck
2017-03-11 21:02 - 2017-03-11 21:34 - 07278592 _____ C:\Users\veteran\Desktop\Part492.ipt
2017-03-11 01:17 - 2017-03-11 01:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-03-10 17:07 - 2017-03-10 17:07 - 00000000 ____D C:\Users\veteran\Documents\MATLAB
2017-03-10 17:07 - 2017-03-10 17:07 - 00000000 ____D C:\Users\veteran\AppData\Roaming\Subversion
2017-03-10 17:07 - 2017-03-10 17:07 - 00000000 ____D C:\Users\veteran\AppData\Local\MathWorks
2017-03-10 17:04 - 2017-03-10 17:04 - 00000000 ____D C:\Users\veteran\AppData\Roaming\MathWorks
2017-03-09 13:41 - 2017-03-09 13:41 - 00000706 _____ C:\Users\Public\Desktop\Arduino.lnk
2017-03-09 13:41 - 2017-03-09 13:41 - 00000706 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2017-03-09 13:20 - 2017-03-09 13:20 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-03-09 13:20 - 2017-03-09 13:20 - 00000000 ____D C:\Users\veteran\AppData\Roaming\Sun
2017-03-09 13:20 - 2017-03-09 13:20 - 00000000 ____D C:\Users\veteran\AppData\LocalLow\Sun
2017-03-09 13:20 - 2017-03-09 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-09 13:20 - 2017-03-09 13:20 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-09 13:17 - 2017-03-09 13:17 - 00000000 ____D C:\Users\veteran\AppData\Roaming\Arduino15
2017-03-09 13:11 - 2017-03-09 13:11 - 00000000 ____D C:\Users\veteran\.jssc
2017-03-09 13:01 - 2015-01-26 01:00 - 00059904 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S64.SYS
2017-03-09 12:51 - 2017-03-19 13:46 - 00000000 ____D C:\Users\veteran\AppData\Local\Arduino15
2017-03-09 12:51 - 2017-03-09 13:20 - 00000000 ____D C:\ProgramData\Oracle
2017-03-09 12:51 - 2017-03-09 13:07 - 00000000 ____D C:\Users\veteran\Documents\Arduino
2017-03-09 01:28 - 2017-04-02 19:03 - 00000000 ____D C:\Users\veteran\AppData\Roaming\Spotify
2017-03-09 01:28 - 2017-04-01 12:43 - 00000000 ____D C:\Users\veteran\AppData\Local\Spotify
2017-03-09 01:28 - 2017-03-09 01:28 - 00277200 _____ (Spotify Ltd) C:\Users\veteran\Downloads\SpotifySetup.exe
2017-03-09 01:28 - 2017-03-09 01:28 - 00001817 _____ C:\Users\veteran\Desktop\Spotify.lnk
2017-03-09 01:28 - 2017-03-09 01:28 - 00001803 _____ C:\Users\veteran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-03-08 23:26 - 2017-03-08 23:26 - 00000000 _____ C:\Users\veteran\.node_repl_history
2017-03-08 18:08 - 2017-03-08 18:08 - 00015860 _____ C:\Users\veteran\Downloads\3338_0_3D.zip
2017-03-08 17:04 - 2017-03-08 17:04 - 00543224 _____ C:\Users\veteran\Downloads\59712900-9-32d018006.zip
2017-03-08 17:03 - 2017-03-08 17:03 - 00586913 _____ C:\Users\veteran\Downloads\59712879-9-32d022006.zip
2017-03-07 21:56 - 2017-03-07 21:56 - 00175004 _____ C:\Users\veteran\Downloads\MGN12H(1).STP
2017-03-07 21:56 - 2017-03-07 21:56 - 00148838 _____ C:\Users\veteran\Downloads\MGNR12.STP
2017-03-05 23:15 - 2017-03-10 13:55 - 13555200 _____ C:\Users\veteran\Downloads\Krčma-Martin-ENG.pdf
2017-03-05 23:15 - 2017-03-05 23:15 - 00626630 _____ C:\Users\veteran\Downloads\Zivotopis_Srnensky.pdf
2017-03-05 23:10 - 2017-03-05 23:11 - 00028553 _____ C:\Users\veteran\Desktop\Standard.pdf
2017-03-05 21:16 - 2017-03-05 21:16 - 00000000 ____D C:\Users\veteran\Downloads\OldVersions
2017-03-05 18:16 - 2017-03-05 18:16 - 00084992 _____ C:\Users\veteran\Downloads\iLogicStockSizeSample.ipt
2017-03-05 14:26 - 2017-03-05 14:26 - 00468798 _____ C:\Users\veteran\Downloads\PP-2016.zip
2017-03-04 13:52 - 2017-03-10 13:56 - 00000000 ____D C:\Users\veteran\AppData\Roaming\PDF Architect 5
2017-03-04 13:52 - 2017-03-04 13:52 - 00000800 _____ C:\Users\Public\Desktop\PDF Architect 5.lnk
2017-03-04 13:52 - 2017-03-04 13:52 - 00000000 ____D C:\Users\veteran\AppData\Local\PDFCreator
2017-03-04 13:52 - 2017-03-04 13:52 - 00000000 ____D C:\ProgramData\pdfforge
2017-03-04 13:51 - 2017-03-10 13:56 - 00000000 ____D C:\ProgramData\PDF Architect 5
2017-03-04 13:51 - 2017-03-04 13:54 - 00000000 ____D C:\Program Files\PDFCreator
2017-03-04 13:51 - 2017-03-04 13:52 - 00000000 ____D C:\Program Files\PDF Architect 5
2017-03-04 13:51 - 2017-03-04 13:52 - 00000000 ____D C:\Program Files (x86)\PDF Architect 5
2017-03-04 13:51 - 2017-03-04 13:51 - 00115200 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2017-03-04 13:51 - 2017-03-04 13:51 - 00000836 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2017-03-04 13:51 - 2017-03-04 13:51 - 00000000 ____D C:\Users\veteran\Documents\PDF Architect
2017-03-04 13:51 - 2017-03-04 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2017-03-04 13:51 - 2017-03-04 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 5
2017-03-04 13:50 - 2017-03-04 13:50 - 29000704 _____ (pdfforge GmbH ) C:\Users\veteran\Downloads\PDFCreator-2_5_1-Setup.exe
2017-03-04 13:30 - 2017-03-04 13:30 - 00002224 _____ C:\Users\veteran\Downloads\PDFSave.rar
2017-03-04 10:36 - 2017-03-04 10:36 - 00439209 _____ C:\Users\veteran\Downloads\E3D-v6_Fan_Duct.zip
2017-03-03 23:03 - 2017-03-03 23:14 - 00000000 ____D C:\Users\veteran\Downloads\Avengers Age of Ultron (2015) [1080p]
2017-03-03 23:02 - 2017-03-03 23:05 - 00000000 ____D C:\Users\veteran\Downloads\The Avengers (2012) [1080p]
2017-03-03 18:13 - 2017-03-03 18:19 - 00000000 ____D C:\Users\veteran\Downloads\Dont Breathe 2016 1080p BluRay x264 DTS-JYK

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-02 19:23 - 2017-02-04 18:19 - 00000000 ____D C:\Users\veteran\AppData\Local\Adobe
2017-04-02 19:23 - 2017-02-04 18:15 - 00000000 ____D C:\ProgramData\Adobe
2017-04-02 19:23 - 2017-02-04 18:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-02 19:23 - 2017-02-04 18:14 - 00000000 ____D C:\Users\veteran\AppData\Roaming\Adobe
2017-04-02 18:57 - 2017-02-03 09:52 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-02 17:59 - 2017-02-04 14:05 - 00000000 ____D C:\Users\Public\Documents\.forever
2017-04-02 17:38 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-02 17:38 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-02 17:36 - 2011-04-12 10:34 - 00668542 _____ C:\Windows\system32\perfh005.dat
2017-04-02 17:36 - 2011-04-12 10:34 - 00141202 _____ C:\Windows\system32\perfc005.dat
2017-04-02 17:36 - 2009-07-14 07:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-02 17:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-02 17:30 - 2017-02-03 09:52 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-02 17:30 - 2017-01-31 23:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-02 17:30 - 2017-01-31 21:45 - 00000000 ____D C:\Users\veteran\AppData\LocalLow\Mozilla
2017-04-02 17:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-02 12:24 - 2017-01-31 21:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-01 12:35 - 2017-01-31 22:38 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-31 23:26 - 2017-01-31 22:39 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1485895192
2017-03-31 23:25 - 2017-02-16 12:46 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-31 23:25 - 2017-02-16 12:46 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-31 23:25 - 2017-02-16 12:46 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-31 23:25 - 2017-02-16 12:46 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-31 23:25 - 2017-02-16 12:46 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-31 23:25 - 2017-01-31 22:39 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-31 23:25 - 2017-01-31 22:38 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-31 23:25 - 2017-01-31 22:38 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-03-31 23:25 - 2017-01-31 22:38 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-03-31 23:25 - 2017-01-31 22:38 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-31 23:25 - 2017-01-31 22:38 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-31 23:25 - 2017-01-31 22:38 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-31 23:25 - 2017-01-31 22:38 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-31 23:25 - 2017-01-31 22:38 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-31 23:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-31 23:02 - 2017-02-03 22:42 - 00000000 ____D C:\Users\veteran\AppData\Roaming\uTorrent
2017-03-31 22:47 - 2017-02-05 00:37 - 00000000 ____D C:\Users\veteran\AppData\Roaming\vlc
2017-03-31 15:31 - 2017-02-21 23:43 - 00000000 ___RD C:\Users\veteran\Disk Google
2017-03-31 13:29 - 2017-02-21 23:42 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-03-31 13:29 - 2017-02-21 23:42 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-03-31 13:29 - 2017-02-21 23:42 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-03-31 13:29 - 2017-02-21 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-30 15:54 - 2017-01-31 21:26 - 00000000 ____D C:\Users\veteran
2017-03-30 15:18 - 2017-01-31 22:39 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-30 15:18 - 2017-01-31 22:39 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-29 14:30 - 2017-01-31 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 14:30 - 2017-01-31 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-24 20:54 - 2017-02-03 09:52 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-22 14:22 - 2017-01-31 21:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-21 21:44 - 2017-01-31 21:49 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-18 21:44 - 2017-02-24 17:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-18 21:44 - 2017-02-24 17:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-18 21:44 - 2017-02-24 17:40 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-18 21:44 - 2017-02-04 18:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-16 00:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 14:48 - 2009-07-14 06:45 - 05094576 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 14:38 - 2017-01-31 22:09 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 14:37 - 2017-01-31 22:09 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 14:36 - 2017-02-03 10:16 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-12 22:10 - 2017-02-03 15:34 - 00000701 _____ C:\Users\veteran\Desktop\World of Warships.lnk
2017-03-10 08:50 - 2017-02-03 15:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-09 00:02 - 2017-02-03 15:34 - 00000000 ____D C:\Games
2017-03-08 17:28 - 2017-02-04 14:05 - 00000000 ____D C:\Users\veteran\Documents\Inventor
2017-03-08 15:21 - 2017-02-03 09:52 - 00000000 ____D C:\Users\veteran\AppData\Local\Dropbox
2017-03-05 22:10 - 2017-02-03 23:00 - 00000000 ____D C:\Autodesk
2017-03-05 21:16 - 2017-02-27 19:32 - 00168448 _____ C:\Users\veteran\Downloads\MGN12H.ipt
2017-03-04 13:46 - 2017-02-03 23:01 - 00000000 ____D C:\Users\veteran\AppData\Roaming\Autodesk
2017-03-04 13:46 - 2017-02-03 23:01 - 00000000 ____D C:\ProgramData\Autodesk

==================== Files in the root of some directories =======

2017-02-04 18:29 - 2017-02-26 12:05 - 0001480 _____ () C:\Users\veteran\AppData\Local\Adobe Uložit pro web 12.0 Prefs
2017-04-02 19:54 - 2017-04-02 19:54 - 0029696 _____ () C:\Users\veteran\AppData\Local\MSGBOX.EXE
2017-01-31 22:43 - 2017-02-25 17:45 - 0007616 _____ () C:\Users\veteran\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 20:13

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119670
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#3 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

veteran13
Visitor
Posts: 6
Joined: 02 Apr 2017 18:58

Re: Log check

#4 Post by veteran13 »

I already tried that, before creating those two logs. Here is the result:

AdwCleaner log:

# AdwCleaner v6.045 - Log vytvořen 02/04/2017 v 20:02:27
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-04-01.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : veteran - VETERAN-PC
# Spuštěno z : D:\Download\adwcleaner_6.045.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Program Files (x86)\Stumogeqebut


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Conrystolisp


***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-871744448-797879700-811612399-1000\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\msServer
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1185 Bajty] - [02/04/2017 20:02:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [1578 Bajty] - [02/04/2017 19:57:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1331 Bajty] ##########

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#5 Post by Rudy »

Post a new RSIT log.

veteran13
Visitor
Posts: 6
Registered: 02 Apr 2017 18:58

Re: Log check

#6 Post by veteran13 »

Here it is:

Logfile of random's system information tool 1.10 (written by random/random)
Run by veteran at 2017-04-03 16:45:53
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 128 GB (56%) free of 229 GB
Total RAM: 8136 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:45:55, on 3.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-dashboard\eds-launcher.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe
C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\veteran.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: PDF Architect 5 Helper - {AEA429F3-D2D4-4BD7-A03E-5357DA017733} - C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Startup: EasyPHP Devserver 16.1.1.lnk = C:\Program Files (x86)\EasyPHP-Devserver-16.1\run-easyphp-devserver.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Služba Kaspersky Security Scan (kss) - Unknown owner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Autodesk Simulation Moldflow MITSI 2017 Job Manager (mitsijm2017) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: PDF Architect 5 - pdfforge GmbH - C:\Program Files\PDF Architect 5\ws.exe
O23 - Service: PDF Architect 5 CrashHandler - pdfforge GmbH - C:\Program Files\PDF Architect 5\crash-handler-ws.exe
O23 - Service: PDF Architect 5 Creator - pdfforge GmbH - C:\Program Files\PDF Architect 5\creator-ws.exe
O23 - Service: PDF Architect 5 Manager - © pdfforge GmbH. - C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RepetierServer - Unknown owner - E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11953 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {DFE90A77-0B36-4AB2-81C1-A3E680BED57E}
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
AvastUI.exe /nogui
"C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe"
"C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
eds-dashboard/eds-launcher.exe
"C:\Program Files\Rainmeter\Rainmeter.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"..\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe"
\??\C:\Windows\system32\conhost.exe "21034909396015492841010217973-529539296-2091742411-7564012771346256987-1720716068
C:\Windows\system32\DbxSvc.exe
"C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-binaries\httpserver\apache2418vc11x86x170203122125\bin\eds-httpserver.exe" -d "C:/Program Files (x86)/EasyPHP-Devserver-16.1/eds-binaries/httpserver/apache2418vc11x86x170203122125"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe"
C:\Windows\system32\msiexec.exe /V
"C:\Program Files\PDF Architect 5\creator-ws.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:e78b4131-2439-4027-a239-4652c85b3eb4 -target-handle:156 -target-shutdown-event:152 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -method:collectupload
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe"
"E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4576.0.1466528975\288956776" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\veteran\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://127.0.0.1:8080/main_page.php"

"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default\searchplugins\
googletranslate.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-06 213704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-31 895528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-06 659232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06 3002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-06 150728]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-09 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-31 773920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEA429F3-D2D4-4BD7-A03E-5357DA017733}]
PDF Architect 5 Helper - C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll [2017-02-10 43400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-06 445216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-06 2032432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-09 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{84F23192-A475-4038-B5C0-8584777F2DF4} - PDF Architect 5 Toolbar - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll [2017-02-10 553352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-03-31 213824]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2017-01-20 2780112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe [2016-12-06 1024240]
"Spotify Web Helper"=C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-03-25 1446000]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
"KSS"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe autorun []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"=C:\Windows\system32\cmd.exe [2010-11-21 345088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\veteran\AppData\Local\Akamai\netsession_win.exe [2017-01-03 4490200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Desktop App]
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [2016-07-01 721856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-02 4701888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\Eraser.exe [2016-08-28 1074600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2017-03-21 23819304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\veteran\AppData\Roaming\Spotify\Spotify.exe [2017-03-25 7089776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-03-25 1446000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\veteran\AppData\Roaming\uTorrent\uTorrent.exe [2017-03-17 2147520]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2017-03-21 28065728]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

C:\Users\veteran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EasyPHP Devserver 16.1.1.lnk - C:\Program Files (x86)\EasyPHP-Devserver-16.1\run-easyphp-devserver.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2017-04-02 21:01:08 ----A---- C:\Windows\system32\drivers\MBAMChameleon.sys
2017-04-02 21:01:06 ----A---- C:\Windows\system32\drivers\mwac.sys
2017-04-02 21:01:06 ----A---- C:\Windows\system32\drivers\farflt.sys
2017-04-02 21:01:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2017-04-02 21:00:59 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2017-04-02 21:00:55 ----A---- C:\Windows\system32\drivers\mbae64.sys
2017-04-02 21:00:52 ----D---- C:\ProgramData\Malwarebytes
2017-04-02 21:00:52 ----D---- C:\Program Files\Malwarebytes
2017-04-02 20:43:17 ----SHD---- C:\Config.Msi
2017-04-02 20:16:04 ----D---- C:\rsit
2017-04-02 20:16:04 ----D---- C:\Program Files\trend micro
2017-04-02 19:54:41 ----D---- C:\FRST
2017-04-02 19:50:52 ----D---- C:\AdwCleaner
2017-04-02 19:32:20 ----D---- C:\ProgramData\Kaspersky Lab
2017-04-02 19:31:35 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2017-04-02 17:23:57 ----A---- C:\Windows\ntbtlog.txt
2017-04-02 12:19:49 ----A---- C:\Windows\wininit.ini
2017-03-31 23:25:53 ----A---- C:\Windows\system32\aswBoot.exe
2017-03-31 22:52:09 ----D---- C:\Users\veteran\AppData\Roaming\Profiles
2017-03-31 22:44:17 ----D---- C:\Users\veteran\AppData\Roaming\GetRightToGo
2017-03-31 22:42:07 ----D---- C:\ProgramData\DigitalWave.ApplicationUpdater_files
2017-03-31 22:19:47 ----D---- C:\Users\veteran\AppData\Roaming\Mp3tag
2017-03-31 14:49:58 ----D---- C:\Users\veteran\AppData\Roaming\DataRecommendations
2017-03-19 13:29:34 ----D---- C:\ProgramData\Repetier-Server
2017-03-19 13:21:59 ----D---- C:\Users\veteran\AppData\Roaming\PSpad
2017-03-19 11:45:01 ----D---- C:\Users\veteran\AppData\Roaming\Slic3r
2017-03-18 21:39:51 ----SD---- C:\Windows\SYSWOW64\Microsoft
2017-03-15 14:36:11 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-03-15 14:36:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-03-15 14:36:11 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\win32k.sys
2017-03-15 14:36:11 ----A---- C:\Windows\system32\schannel.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\rpcrt4.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-03-15 14:36:11 ----A---- C:\Windows\system32\ntdll.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\msxml3.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\lsasrv.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\kerberos.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\DWrite.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\advapi32.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\WcsPlugInService.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\usp10.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\mscms.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\icm32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wow64win.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wow64cpu.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wow64.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\winsrv.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wdigest.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\WcsPlugInService.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\usp10.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\TSpkg.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\sspisrv.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\sspicli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\srcore.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\srclient.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\smss.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\secur32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\rstrui.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\rpchttp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\quartz.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\ntvdm64.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\ncrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\msv1_0.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\mscms.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\msaudite.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\lsass.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\KernelBase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\kernel32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\inetcomm.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\icm32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\gdi32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\FntCache.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\srv.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\appid.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\csrsrv.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\cryptbase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\credssp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\conhost.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\certcli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\bcrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\auditpol.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidsvc.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidapi.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\adtschema.dll
2017-03-15 14:36:10 ----A---- C:\Windows\HelpPane.exe
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\user.exe
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\msxml3r.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\msobjs.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\INETRES.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-03-15 14:36:09 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-03-15 14:36:09 ----A---- C:\Windows\system32\apisetschema.dll
2017-03-15 14:35:26 ----A---- C:\Windows\system32\generaltel.dll
2017-03-15 14:35:26 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-03-15 14:35:26 ----A---- C:\Windows\system32\appraiser.dll
2017-03-15 14:35:26 ----A---- C:\Windows\system32\aeinv.dll
2017-03-11 01:17:46 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2017-03-11 01:17:46 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2017-03-11 01:17:46 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2017-03-11 01:17:46 ----A---- C:\Windows\system32\DbxSvc.exe
2017-03-10 17:07:12 ----D---- C:\Users\veteran\AppData\Roaming\Subversion
2017-03-10 17:04:59 ----D---- C:\Users\veteran\AppData\Roaming\MathWorks
2017-03-09 13:20:24 ----D---- C:\Users\veteran\AppData\Roaming\Sun
2017-03-09 13:20:20 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2017-03-09 13:20:07 ----D---- C:\Program Files (x86)\Java
2017-03-09 13:17:57 ----D---- C:\Users\veteran\AppData\Roaming\Arduino15
2017-03-09 13:01:48 ----A---- C:\Windows\system32\drivers\CH341S64.SYS
2017-03-09 12:51:40 ----D---- C:\ProgramData\Oracle
2017-03-09 01:28:11 ----D---- C:\Users\veteran\AppData\Roaming\Spotify
2017-03-04 13:52:36 ----D---- C:\ProgramData\pdfforge
2017-03-04 13:52:26 ----D---- C:\Users\veteran\AppData\Roaming\PDF Architect 5
2017-03-04 13:51:51 ----D---- C:\Program Files\PDF Architect 5
2017-03-04 13:51:51 ----D---- C:\Program Files (x86)\PDF Architect 5
2017-03-04 13:51:28 ----D---- C:\ProgramData\PDF Architect 5
2017-03-04 13:51:27 ----A---- C:\Windows\system32\pdfcmon.dll
2017-03-04 13:51:21 ----D---- C:\Program Files\PDFCreator

======List of files/folders modified in the last 1 month======

2017-04-03 16:45:23 ----D---- C:\Windows\system32\config
2017-04-03 16:45:05 ----D---- C:\Windows\Temp
2017-04-03 16:42:41 ----D---- C:\Windows\system32\drivers
2017-04-03 16:42:07 ----D---- C:\ProgramData\NVIDIA
2017-04-02 21:00:52 ----RD---- C:\Program Files
2017-04-02 21:00:52 ----HD---- C:\ProgramData
2017-04-02 20:45:27 ----SHD---- C:\System Volume Information
2017-04-02 20:44:56 ----RD---- C:\Program Files (x86)
2017-04-02 20:43:20 ----SHD---- C:\Windows\Installer
2017-04-02 20:09:14 ----D---- C:\Windows\System32
2017-04-02 20:09:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-02 20:02:25 ----D---- C:\Windows\system32\Tasks
2017-04-02 19:55:10 ----D---- C:\Windows
2017-04-02 19:23:24 ----D---- C:\Program Files (x86)\Adobe
2017-04-02 19:23:05 ----D---- C:\Users\veteran\AppData\Roaming\Adobe
2017-04-02 19:23:05 ----D---- C:\ProgramData\Adobe
2017-04-02 17:36:27 ----D---- C:\Windows\inf
2017-04-02 12:24:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-04-02 12:21:33 ----D---- C:\Program Files (x86)\Common Files
2017-04-02 12:19:50 ----SD---- C:\ProgramData\Microsoft
2017-04-01 12:35:12 ----D---- C:\Program Files\Common Files\AV
2017-03-31 23:14:39 ----D---- C:\Windows\system32\NDF
2017-03-31 23:02:15 ----D---- C:\Users\veteran\AppData\Roaming\uTorrent
2017-03-31 22:47:42 ----D---- C:\Users\veteran\AppData\Roaming\vlc
2017-03-31 22:18:02 ----D---- C:\Windows\SysWOW64
2017-03-29 14:30:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 14:30:41 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-03-28 17:51:57 ----D---- C:\Windows\system32\wdi
2017-03-24 20:54:30 ----D---- C:\Program Files (x86)\Dropbox
2017-03-22 14:22:52 ----D---- C:\Program Files (x86)\Microsoft Office
2017-03-21 22:15:56 ----D---- C:\Windows\Microsoft.NET
2017-03-21 21:44:21 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2017-03-18 21:44:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-03-18 21:44:22 ----D---- C:\Windows\system32\Macromed
2017-03-18 21:44:19 ----D---- C:\Windows\SYSWOW64\Macromed
2017-03-16 00:55:38 ----D---- C:\Windows\rescache
2017-03-15 14:49:01 ----D---- C:\Windows\winsxs
2017-03-15 14:48:12 ----D---- C:\Windows\SYSWOW64\migration
2017-03-15 14:48:12 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-03-15 14:48:12 ----D---- C:\Windows\system32\migration
2017-03-15 14:48:12 ----D---- C:\Windows\system32\en-US
2017-03-15 14:48:12 ----D---- C:\Windows\system32\cs-CZ
2017-03-15 14:48:12 ----D---- C:\Windows\system32\Boot
2017-03-15 14:48:12 ----D---- C:\Windows\AppPatch
2017-03-15 14:38:18 ----D---- C:\Windows\system32\MRT
2017-03-15 14:37:04 ----AC---- C:\Windows\system32\MRT.exe
2017-03-15 14:36:26 ----D---- C:\Windows\system32\appraiser
2017-03-15 14:35:44 ----D---- C:\Windows\system32\catroot2
2017-03-10 17:03:24 ----RSD---- C:\Windows\assembly
2017-03-10 17:03:23 ----SD---- C:\Users\veteran\AppData\Roaming\Microsoft
2017-03-10 08:50:28 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2017-03-09 13:53:44 ----D---- C:\Windows\system32\DriverStore
2017-03-09 00:02:39 ----D---- C:\Games
2017-03-05 22:10:12 ----D---- C:\Autodesk
2017-03-04 13:46:44 ----D---- C:\Users\veteran\AppData\Roaming\Autodesk
2017-03-04 13:46:44 ----D---- C:\ProgramData\Autodesk

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-03-31 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-03-31 334088]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-03-31 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-03-31 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-03-31 339696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-03-31 307736]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-03-31 32600]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-03-31 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-03-31 1005048]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-03-31 556784]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Windows\system32\drivers\mbae64.sys [2017-03-24 77440]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-03-31 127112]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-03-31 164064]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [2017-04-02 186304]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2017-02-03 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2017-02-03 47672]
R3 MBAMFarflt;MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [2017-04-03 111544]
R3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [2017-04-03 43968]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-04-03 251832]
R3 MBAMWebProtection;MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [2017-04-03 82720]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2017-01-24 217528]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2016-08-23 1035272]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-03-31 38296]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 CH341SER_A64;CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [2015-01-26 59904]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB RS-232 Emulation Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdAppMgrSvc;Autodesk Desktop App Service; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [2016-07-01 1295376]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-03-31 261712]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-03-05 3736776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2017-03-11 46408]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-01-20 4355024]
R2 mitsijm2017;Autodesk Simulation Moldflow MITSI 2017 Job Manager; C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [2015-08-04 967456]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-01-20 464440]
R2 PDF Architect 5 Creator;PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [2017-02-10 856976]
R2 PDF Architect 5 Manager;PDF Architect 5 Manager; C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [2017-02-01 985904]
R2 RepetierServer;RepetierServer; E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe [2016-12-08 5970792]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-03-31 7398336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31 153752]
S2 kss;Služba Kaspersky Security Scan; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-18 271960]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03 143144]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-02 1471168]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2017-02-03 1591264]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31 153752]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-03-28 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-03-05 207056]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2016-12-27 5132888]
S3 PDF Architect 5 CrashHandler;PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [2017-02-10 1048976]
S3 PDF Architect 5;PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2017-02-10 2706824]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-01-31 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#7 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left pane:
:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Disable your antivirus before the scan and restart the PC after it. Post a new RSIT log.

veteran13
Visitor
Posts: 6
Registered: 02 Apr 2017 18:58

Re: Log check

#8 Post by veteran13 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by veteran at 2017-04-03 18:01:27
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 128 GB (56%) free of 229 GB
Total RAM: 8136 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:29, on 3.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\EasyPHP-Devserver-16.1\eds-dashboard\eds-launcher.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\veteran.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: PDF Architect 5 Helper - {AEA429F3-D2D4-4BD7-A03E-5357DA017733} - C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [f.lux] "C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Startup: EasyPHP Devserver 16.1.1.lnk = C:\Program Files (x86)\EasyPHP-Devserver-16.1\run-easyphp-devserver.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Služba Kaspersky Security Scan (kss) - Unknown owner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Autodesk Simulation Moldflow MITSI 2017 Job Manager (mitsijm2017) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: PDF Architect 5 - pdfforge GmbH - C:\Program Files\PDF Architect 5\ws.exe
O23 - Service: PDF Architect 5 CrashHandler - pdfforge GmbH - C:\Program Files\PDF Architect 5\crash-handler-ws.exe
O23 - Service: PDF Architect 5 Creator - pdfforge GmbH - C:\Program Files\PDF Architect 5\creator-ws.exe
O23 - Service: PDF Architect 5 Manager - © pdfforge GmbH. - C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RepetierServer - Unknown owner - E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11473 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {A4D09EA2-8B3F-424F-BCBB-68D7C6DAAA82}
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe"
C:\Windows\system32\msiexec.exe /V
"C:\Program Files\PDF Architect 5\creator-ws.exe"
"C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe"
"E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Windows\notepad.exe" D:\_OTM\MovedFiles\04032017_175552.log
AvastUI.exe /nogui
"C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files\Rainmeter\Rainmeter.exe"
eds-dashboard/eds-launcher.exe
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:80f6f362-4ede-4a1e-8ff7-eb64b85271b4 -target-handle:156 -target-shutdown-event:152 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -method:collectupload
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4352.5.1035878906\1784397944" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4352 "\\.\pipe\gecko-crash-server-pipe.4352" tab
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\sppsvc.exe
taskhost.exe $(Arg0)
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\veteran\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://127.0.0.1:8080/main_page.php"

"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Users\veteran\AppData\Roaming\Mozilla\Firefox\Profiles\4z7411bc.default\searchplugins\
googletranslate.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-06 213704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-31 895528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-06 659232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06 3002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-06 150728]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-09 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-31 773920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEA429F3-D2D4-4BD7-A03E-5357DA017733}]
PDF Architect 5 Helper - C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll [2017-02-10 43400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-06 445216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-06 2032432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-09 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{84F23192-A475-4038-B5C0-8584777F2DF4} - PDF Architect 5 Toolbar - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll [2017-02-10 553352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-03-31 213824]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2017-01-20 2780112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Users\veteran\AppData\Local\FluxSoftware\Flux\flux.exe [2016-12-06 1024240]
"Spotify Web Helper"=C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-03-25 1446000]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
"KSS"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe autorun []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\veteran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"=C:\Windows\system32\cmd.exe [2010-11-21 345088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\veteran\AppData\Local\Akamai\netsession_win.exe [2017-01-03 4490200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Desktop App]
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [2016-07-01 721856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-02 4701888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\Eraser.exe [2016-08-28 1074600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2017-03-21 23819304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\veteran\AppData\Roaming\Spotify\Spotify.exe [2017-03-25 7089776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\veteran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-03-25 1446000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\veteran\AppData\Roaming\uTorrent\uTorrent.exe [2017-03-17 2147520]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2017-03-21 28065728]

C:\Users\veteran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EasyPHP Devserver 16.1.1.lnk - C:\Program Files (x86)\EasyPHP-Devserver-16.1\run-easyphp-devserver.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2017-04-02 21:01:08 ----A---- C:\Windows\system32\drivers\MBAMChameleon.sys
2017-04-02 21:01:06 ----A---- C:\Windows\system32\drivers\mwac.sys
2017-04-02 21:01:06 ----A---- C:\Windows\system32\drivers\farflt.sys
2017-04-02 21:01:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2017-04-02 21:00:59 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2017-04-02 21:00:55 ----A---- C:\Windows\system32\drivers\mbae64.sys
2017-04-02 21:00:52 ----D---- C:\ProgramData\Malwarebytes
2017-04-02 21:00:52 ----D---- C:\Program Files\Malwarebytes
2017-04-02 20:43:17 ----SHD---- C:\Config.Msi
2017-04-02 20:16:04 ----D---- C:\rsit
2017-04-02 20:16:04 ----D---- C:\Program Files\trend micro
2017-04-02 19:54:41 ----D---- C:\FRST
2017-04-02 19:50:52 ----D---- C:\AdwCleaner
2017-04-02 19:32:20 ----D---- C:\ProgramData\Kaspersky Lab
2017-04-02 19:31:35 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2017-04-02 17:23:57 ----A---- C:\Windows\ntbtlog.txt
2017-04-02 12:19:49 ----A---- C:\Windows\wininit.ini
2017-03-31 23:25:53 ----A---- C:\Windows\system32\aswBoot.exe
2017-03-31 22:52:09 ----D---- C:\Users\veteran\AppData\Roaming\Profiles
2017-03-31 22:44:17 ----D---- C:\Users\veteran\AppData\Roaming\GetRightToGo
2017-03-31 22:42:07 ----D---- C:\ProgramData\DigitalWave.ApplicationUpdater_files
2017-03-31 22:19:47 ----D---- C:\Users\veteran\AppData\Roaming\Mp3tag
2017-03-31 14:49:58 ----D---- C:\Users\veteran\AppData\Roaming\DataRecommendations
2017-03-19 13:29:34 ----D---- C:\ProgramData\Repetier-Server
2017-03-19 13:21:59 ----D---- C:\Users\veteran\AppData\Roaming\PSpad
2017-03-19 11:45:01 ----D---- C:\Users\veteran\AppData\Roaming\Slic3r
2017-03-18 21:39:51 ----SD---- C:\Windows\SYSWOW64\Microsoft
2017-03-15 14:36:11 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-03-15 14:36:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-03-15 14:36:11 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\win32k.sys
2017-03-15 14:36:11 ----A---- C:\Windows\system32\schannel.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\rpcrt4.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-03-15 14:36:11 ----A---- C:\Windows\system32\ntdll.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\msxml3.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\lsasrv.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\kerberos.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\DWrite.dll
2017-03-15 14:36:11 ----A---- C:\Windows\system32\advapi32.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 14:36:10 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\WcsPlugInService.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\usp10.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\mscms.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\icm32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wow64win.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wow64cpu.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wow64.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\winsrv.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\wdigest.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\WcsPlugInService.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\usp10.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\TSpkg.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\sspisrv.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\sspicli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\srcore.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\srclient.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\smss.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\secur32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\rstrui.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\rpchttp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\quartz.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\ntvdm64.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\ncrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\msv1_0.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\mscms.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\msaudite.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\lsass.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\KernelBase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\kernel32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\inetcomm.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\icm32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\gdi32.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\FntCache.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\srv.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\drivers\appid.sys
2017-03-15 14:36:10 ----A---- C:\Windows\system32\csrsrv.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\cryptbase.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\credssp.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\conhost.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\certcli.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\bcrypt.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\auditpol.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidsvc.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 14:36:10 ----A---- C:\Windows\system32\appidapi.dll
2017-03-15 14:36:10 ----A---- C:\Windows\system32\adtschema.dll
2017-03-15 14:36:10 ----A---- C:\Windows\HelpPane.exe
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 14:36:09 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\user.exe
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2017-03-15 14:36:09 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\msxml3r.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\msobjs.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\INETRES.dll
2017-03-15 14:36:09 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-03-15 14:36:09 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-03-15 14:36:09 ----A---- C:\Windows\system32\apisetschema.dll
2017-03-15 14:35:26 ----A---- C:\Windows\system32\generaltel.dll
2017-03-15 14:35:26 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-03-15 14:35:26 ----A---- C:\Windows\system32\appraiser.dll
2017-03-15 14:35:26 ----A---- C:\Windows\system32\aeinv.dll
2017-03-11 01:17:46 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2017-03-11 01:17:46 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2017-03-11 01:17:46 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2017-03-11 01:17:46 ----A---- C:\Windows\system32\DbxSvc.exe
2017-03-10 17:07:12 ----D---- C:\Users\veteran\AppData\Roaming\Subversion
2017-03-10 17:04:59 ----D---- C:\Users\veteran\AppData\Roaming\MathWorks
2017-03-09 13:20:24 ----D---- C:\Users\veteran\AppData\Roaming\Sun
2017-03-09 13:20:20 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2017-03-09 13:20:07 ----D---- C:\Program Files (x86)\Java
2017-03-09 13:17:57 ----D---- C:\Users\veteran\AppData\Roaming\Arduino15
2017-03-09 13:01:48 ----A---- C:\Windows\system32\drivers\CH341S64.SYS
2017-03-09 12:51:40 ----D---- C:\ProgramData\Oracle
2017-03-09 01:28:11 ----D---- C:\Users\veteran\AppData\Roaming\Spotify
2017-03-04 13:52:36 ----D---- C:\ProgramData\pdfforge
2017-03-04 13:52:26 ----D---- C:\Users\veteran\AppData\Roaming\PDF Architect 5
2017-03-04 13:51:51 ----D---- C:\Program Files\PDF Architect 5
2017-03-04 13:51:51 ----D---- C:\Program Files (x86)\PDF Architect 5
2017-03-04 13:51:28 ----D---- C:\ProgramData\PDF Architect 5
2017-03-04 13:51:27 ----A---- C:\Windows\system32\pdfcmon.dll
2017-03-04 13:51:21 ----D---- C:\Program Files\PDFCreator

======List of files/folders modified in the last 1 month======

2017-04-03 18:00:55 ----D---- C:\Windows\system32\config
2017-04-03 18:00:29 ----D---- C:\Windows\Temp
2017-04-03 17:58:11 ----D---- C:\Windows\system32\drivers
2017-04-03 17:57:50 ----D---- C:\ProgramData\NVIDIA
2017-04-03 16:48:22 ----D---- C:\Windows\System32
2017-04-03 16:48:22 ----D---- C:\Windows\inf
2017-04-03 16:48:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-02 21:00:52 ----RD---- C:\Program Files
2017-04-02 21:00:52 ----HD---- C:\ProgramData
2017-04-02 20:45:27 ----SHD---- C:\System Volume Information
2017-04-02 20:44:56 ----RD---- C:\Program Files (x86)
2017-04-02 20:43:20 ----SHD---- C:\Windows\Installer
2017-04-02 20:02:25 ----D---- C:\Windows\system32\Tasks
2017-04-02 19:55:10 ----D---- C:\Windows
2017-04-02 19:23:24 ----D---- C:\Program Files (x86)\Adobe
2017-04-02 19:23:05 ----D---- C:\Users\veteran\AppData\Roaming\Adobe
2017-04-02 19:23:05 ----D---- C:\ProgramData\Adobe
2017-04-02 12:24:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-04-02 12:21:33 ----D---- C:\Program Files (x86)\Common Files
2017-04-02 12:19:50 ----SD---- C:\ProgramData\Microsoft
2017-04-01 12:35:12 ----D---- C:\Program Files\Common Files\AV
2017-03-31 23:14:39 ----D---- C:\Windows\system32\NDF
2017-03-31 23:02:15 ----D---- C:\Users\veteran\AppData\Roaming\uTorrent
2017-03-31 22:47:42 ----D---- C:\Users\veteran\AppData\Roaming\vlc
2017-03-31 22:18:02 ----D---- C:\Windows\SysWOW64
2017-03-29 14:30:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 14:30:41 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-03-28 17:51:57 ----D---- C:\Windows\system32\wdi
2017-03-24 20:54:30 ----D---- C:\Program Files (x86)\Dropbox
2017-03-22 14:22:52 ----D---- C:\Program Files (x86)\Microsoft Office
2017-03-21 22:15:56 ----D---- C:\Windows\Microsoft.NET
2017-03-21 21:44:21 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2017-03-18 21:44:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-03-18 21:44:22 ----D---- C:\Windows\system32\Macromed
2017-03-18 21:44:19 ----D---- C:\Windows\SYSWOW64\Macromed
2017-03-16 00:55:38 ----D---- C:\Windows\rescache
2017-03-15 14:49:01 ----D---- C:\Windows\winsxs
2017-03-15 14:48:12 ----D---- C:\Windows\SYSWOW64\migration
2017-03-15 14:48:12 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-03-15 14:48:12 ----D---- C:\Windows\system32\migration
2017-03-15 14:48:12 ----D---- C:\Windows\system32\en-US
2017-03-15 14:48:12 ----D---- C:\Windows\system32\cs-CZ
2017-03-15 14:48:12 ----D---- C:\Windows\system32\Boot
2017-03-15 14:48:12 ----D---- C:\Windows\AppPatch
2017-03-15 14:38:18 ----D---- C:\Windows\system32\MRT
2017-03-15 14:37:04 ----AC---- C:\Windows\system32\MRT.exe
2017-03-15 14:36:26 ----D---- C:\Windows\system32\appraiser
2017-03-15 14:35:44 ----D---- C:\Windows\system32\catroot2
2017-03-10 17:03:24 ----RSD---- C:\Windows\assembly
2017-03-10 17:03:23 ----SD---- C:\Users\veteran\AppData\Roaming\Microsoft
2017-03-10 08:50:28 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2017-03-09 13:53:44 ----D---- C:\Windows\system32\DriverStore
2017-03-09 00:02:39 ----D---- C:\Games
2017-03-05 22:10:12 ----D---- C:\Autodesk
2017-03-04 13:46:44 ----D---- C:\Users\veteran\AppData\Roaming\Autodesk
2017-03-04 13:46:44 ----D---- C:\ProgramData\Autodesk

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-03-31 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-03-31 334088]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-03-31 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-03-31 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-03-31 339696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-03-31 307736]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-03-31 32600]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-03-31 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-03-31 1005048]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-03-31 556784]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-03-31 127112]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-03-31 164064]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2017-02-03 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2017-02-03 47672]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2017-01-24 217528]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2016-08-23 1035272]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-03-31 38296]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 CH341SER_A64;CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [2015-01-26 59904]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB RS-232 Emulation Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdAppMgrSvc;Autodesk Desktop App Service; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [2016-07-01 1295376]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-03-31 261712]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-03-05 3736776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2017-03-11 46408]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 mitsijm2017;Autodesk Simulation Moldflow MITSI 2017 Job Manager; C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [2015-08-04 967456]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-01-20 464440]
R2 PDF Architect 5 Creator;PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [2017-02-10 856976]
R2 PDF Architect 5 Manager;PDF Architect 5 Manager; C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [2017-02-01 985904]
R2 RepetierServer;RepetierServer; E:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe [2016-12-08 5970792]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-03-31 7398336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31 153752]
S2 kss;Služba Kaspersky Security Scan; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r []
S2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-01-20 4355024]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-18 271960]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03 143144]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-02 1471168]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2017-02-03 1591264]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31 153752]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-03-28 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-03-05 207056]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2016-12-27 5132888]
S3 PDF Architect 5 CrashHandler;PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [2017-02-10 1048976]
S3 PDF Architect 5;PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2017-02-10 2706824]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-01-31 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#9 Post by Rudy »

Deleted. The log should be OK now.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

veteran13
Visitor
Posts: 6
Registered: 02 Apr 2017 18:58

Re: Log check

#10 Post by veteran13 »

Great, thanks a lot for the help

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#11 Post by Rudy »

You're welcome! :)

Locked