Zdravím mam problém s virem

[Danielqwertiz]

Adware helpers (12 infekcí)
Adware.RelevantKnowledge (18 infekcí)
Tohle mi našel Spy Hunter 4

Tady je Log z HiJackThis v 2.0.4

Logfile of random's system information tool 1.16 (written by random/random)
Run by Qwertiz at 2017-05-02 16:51:12
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1425 GB (75%) free of 1908 GB
Total RAM: 8092 MB (69% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:51:21, on 2.5.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Users\Qwertiz\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Qwertiz_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Qwertiz\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Qwertiz\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter4 Service (SpyHunter 4 Service) - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11022 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
"C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
C:\Program Files\AVAST Software\Avast\AvastUI.exe
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
C:\Users\Qwertiz\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
"C:\Users\Qwertiz\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
\??\C:\Windows\system32\conhost.exe "-332392612265055522-107872151969327906760204483402475114202651959067852540
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe" --log_to_file --from_stub --startup
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
"C:\PROGRA~2\RAPTRI~1\Raptr\raptr_ep64.exe" 2832
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-cachedir=C:\Users\Qwertiz\AppData\Local\Steam\htmlcache" "-steampid=3364" "-buildid=1493162727" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe atlogon
"C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Qwertiz\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Qwertiz\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=57.0.2987.133 --initial-client-data=0xa4,0xa8,0xac,0xa0,0xb0,0x5dc17dc8,0x5dc17dbc,0x5dc17dd4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=6128 --on-initialized-event-handle=336 --parent-handle=344 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1172 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,18,19,20,23,26,41,74 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x1002 --gpu-device-id=0x6811 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=21.19.384.0 --gpu-driver-date=12-4-2016 --service-request-channel-token=C7A39EE5C965D94F2668DBFC6E1C169D --mojo-platform-channel-handle=1168 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172 --primordial-pipe-token=99550C8F0C2F72ECE2E1B4DA01CC6F35 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=99550C8F0C2F72ECE2E1B4DA01CC6F35 --renderer-client-id=6 --mojo-platform-channel-handle=1956 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172 --primordial-pipe-token=CC109A9D643CF0F14B22F6BEACA60866 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=CC109A9D643CF0F14B22F6BEACA60866 --renderer-client-id=4 --mojo-platform-channel-handle=2328 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172 --primordial-pipe-token=492608AD1151186781465D5C838C11FB --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=492608AD1151186781465D5C838C11FB --renderer-client-id=5 --mojo-platform-channel-handle=2428 /prefetch:1
C:\Windows\system32\taskeng.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
"C:\Users\Qwertiz\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\Windows\tasks\Norton Security Scan for Qwertiz.job - C:\PROGRA~2\NORTON~2\Engine\430~1.43\Nss.exe /scan-quick /scheduled
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Norton Security Scan for Qwertiz - C:\PROGRA~2\NORTON~2\Engine\430~1.43\Nss.exe /scan-quick /scheduled
C:\Windows\system32\tasks\Overwolf Updater Task - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1463330135 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SpyHunter4Startup - "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s
C:\Windows\system32\tasks\StartCN - "C:\Program Files\AMD\CNext\CNext\cncmd.exe" startwithdelay
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-607597815-2464076980-2992995755-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader - %windir%\system32\WSqmCons.exe -u
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task

=========Google Chrome=========

C:\Users\Qwertiz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension ajopnjidmegmdimjlfnijceegpefgped 1 BetterTTV 7.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension eofcbnmajmjmplflapaojjnihcjkigck 2 Avast SafePrice 12.0.93
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.10.0
Extension gomekmidlodglbbmalcneegieacbdmki 2 Avast Online Security 11.1.0.955
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 2 Skype 8.0.0.9098
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.2
Extension opnbmdkdflhjiclaoiiifmheknpccalb 1 Notifications for Instagram 7.7.2
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5717.116.0.4
Homepage:
default_search_provider.search_url:
C:\Users\Qwertiz\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05 895528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05 773920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 462712]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-09-09 176440]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 190536]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-05 213824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-10-19 8551848]
"cz.seznam.software.autoupdate"=C:\Users\Qwertiz\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-17 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Qwertiz\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"GalaxyClient"= []
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2017-04-26 3019552]
"EEDSpeedLauncher"=C:\Windows\system32\eed_ec.dll [2014-12-22 3141120]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2016-09-09 67384]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2017-03-03 225816]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-17 1062472]
"Raptr"=C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [2016-09-29 58584]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GamePark klient 2.lnk - C:\Program Files\GamePark2\gpcl.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-05-02 16:51:13 ----D---- C:\Program Files\trend micro
2017-05-02 16:51:12 ----D---- C:\rsit
2017-05-02 16:50:48 ----D---- C:\ProgramData\SWCUTemp
2017-04-11 23:32:50 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-11 23:32:50 ----A---- C:\Windows\system32\mshtml.dll
2017-04-11 23:32:49 ----A---- C:\Windows\system32\ieframe.dll
2017-04-11 23:32:48 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-11 23:32:48 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-11 23:32:48 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-11 23:32:48 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-11 23:32:48 ----A---- C:\Windows\system32\wininet.dll
2017-04-11 23:32:48 ----A---- C:\Windows\system32\iertutil.dll
2017-04-11 23:32:47 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-11 23:32:47 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-11 23:32:47 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-11 23:32:47 ----A---- C:\Windows\system32\wucltux.dll
2017-04-11 23:32:47 ----A---- C:\Windows\system32\wuapi.dll
2017-04-11 23:32:47 ----A---- C:\Windows\system32\win32spl.dll
2017-04-11 23:32:47 ----A---- C:\Windows\system32\win32k.sys
2017-04-11 23:32:47 ----A---- C:\Windows\system32\urlmon.dll
2017-04-11 23:32:47 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-11 23:32:47 ----A---- C:\Windows\system32\samsrv.dll
2017-04-11 23:32:47 ----A---- C:\Windows\system32\quartz.dll
2017-04-11 23:32:47 ----A---- C:\Windows\system32\ole32.dll
2017-04-11 23:32:46 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-11 23:32:46 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-11 23:32:46 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-11 23:32:46 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-11 23:32:46 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-11 23:32:46 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-11 23:32:46 ----A---- C:\Windows\system32\gdi32.dll
2017-04-11 23:32:46 ----A---- C:\Windows\system32\cdosys.dll
2017-04-11 23:32:46 ----A---- C:\Windows\system32\atmfd.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\jscript.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-11 23:32:45 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-11 23:32:45 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-11 23:32:44 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-11 23:32:44 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-11 23:32:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-11 23:32:44 ----A---- C:\Windows\system32\ntdll.dll
2017-04-11 23:32:44 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-11 23:32:44 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-11 23:32:43 ----A---- C:\Windows\system32\jscript9.dll
2017-04-11 23:32:43 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-11 23:32:41 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-11 23:32:41 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-11 23:32:41 ----A---- C:\Windows\system32\samlib.dll
2017-04-11 23:32:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-11 23:32:40 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-11 23:32:40 ----A---- C:\Windows\system32\webcheck.dll
2017-04-11 23:32:40 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-11 23:32:39 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-11 23:32:39 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-11 23:32:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-11 23:32:39 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-11 23:32:39 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-11 23:32:39 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-11 23:32:39 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-11 23:32:39 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-11 23:32:39 ----A---- C:\Windows\system32\wups2.dll
2017-04-11 23:32:39 ----A---- C:\Windows\system32\wups.dll
2017-04-11 23:32:39 ----A---- C:\Windows\system32\vbscript.dll
2017-04-11 23:32:39 ----A---- C:\Windows\system32\srcore.dll
2017-04-11 23:32:39 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-11 23:32:39 ----A---- C:\Windows\system32\rdpudd.dll
2017-04-11 23:32:39 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-11 23:32:39 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-11 23:32:39 ----A---- C:\Windows\system32\certcli.dll
2017-04-11 23:32:38 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-11 23:32:38 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-11 23:32:38 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\wudriver.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-11 23:32:38 ----A---- C:\Windows\system32\srclient.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\smss.exe
2017-04-11 23:32:38 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\kerberos.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\ieui.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-11 23:32:38 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-11 23:32:38 ----A---- C:\Windows\system32\advapi32.dll
2017-04-11 23:32:37 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-11 23:32:37 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-11 23:32:37 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-11 23:32:37 ----A---- C:\Windows\system32\schannel.dll
2017-04-11 23:32:37 ----A---- C:\Windows\system32\rstrui.exe
2017-04-11 23:32:37 ----A---- C:\Windows\system32\occache.dll
2017-04-11 23:32:37 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-11 23:32:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-11 23:32:37 ----A---- C:\Windows\system32\msrating.dll
2017-04-11 23:32:37 ----A---- C:\Windows\system32\kernel32.dll
2017-04-11 23:32:37 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-11 23:32:37 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-11 23:32:37 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-11 23:32:37 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-11 23:32:37 ----A---- C:\Windows\system32\conhost.exe
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-11 23:32:36 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\wuapp.exe
2017-04-11 23:32:36 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\wow64win.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\wow64.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\winsrv.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\wdigest.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\sspicli.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\inseng.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\iesetup.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\iernonce.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-11 23:32:36 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\cdd.dll
2017-04-11 23:32:36 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 23:32:35 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-11 23:32:35 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\secur32.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\rdpcorets.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\lsass.exe
2017-04-11 23:32:35 ----A---- C:\Windows\system32\lpk.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-11 23:32:35 ----A---- C:\Windows\system32\fontsub.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-11 23:32:35 ----A---- C:\Windows\system32\dciman32.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\credssp.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\auditpol.exe
2017-04-11 23:32:35 ----A---- C:\Windows\system32\atmlib.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-11 23:32:35 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-11 23:32:35 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-11 23:32:35 ----A---- C:\Windows\system32\appidapi.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 23:32:34 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-11 23:32:34 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-11 23:32:34 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-11 23:32:34 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-11 23:32:34 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-11 23:32:34 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-11 23:32:34 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-11 23:32:34 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-11 23:32:34 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-11 23:32:34 ----A---- C:\Windows\system32\tzres.dll
2017-04-11 23:32:34 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-11 23:32:34 ----A---- C:\Windows\system32\msobjs.dll
2017-04-11 23:32:34 ----A---- C:\Windows\system32\msaudite.dll
2017-04-11 23:32:34 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-11 23:32:34 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-11 23:32:34 ----A---- C:\Windows\system32\adtschema.dll
2017-04-05 21:09:26 ----A---- C:\Windows\system32\aswBoot.exe
2017-04-04 23:55:43 ----D---- C:\Users\Qwertiz\AppData\Roaming\Mozilla
2017-04-04 23:50:28 ----D---- C:\ProgramData\BlueStacksSetup
2017-04-04 23:48:01 ----AD---- C:\ProgramData\BlueStacks
2017-04-04 23:48:01 ----AD---- C:\Program Files (x86)\BlueStacks

====== List of files/folders modified in the last 1 month ======

2017-05-02 16:51:13 ----RD---- C:\Program Files
2017-05-02 16:50:48 ----HD---- C:\ProgramData
2017-05-02 16:50:47 ----D---- C:\Windows\Temp
2017-05-02 16:47:29 ----D---- C:\Program Files (x86)\Steam
2017-05-02 16:46:29 ----D---- C:\Users\Qwertiz\AppData\Roaming\Seznam.cz
2017-05-02 16:44:09 ----D---- C:\Users\Qwertiz\AppData\Roaming\TS3Client
2017-05-02 16:42:33 ----D---- C:\Users\Qwertiz\AppData\Roaming\Raptr
2017-05-02 16:39:38 ----D---- C:\Windows\System32
2017-05-02 16:39:38 ----D---- C:\Windows\inf
2017-05-02 16:39:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-05-02 16:33:45 ----D---- C:\Windows\system32\config
2017-05-01 19:07:18 ----D---- C:\Windows\system32\drivers
2017-05-01 11:55:10 ----D---- C:\Windows\Prefetch
2017-04-29 19:10:11 ----SHD---- C:\Windows\Installer
2017-04-29 19:10:10 ----SHD---- C:\Config.Msi
2017-04-29 19:05:09 ----RD---- C:\Program Files (x86)
2017-04-25 13:24:07 ----SHD---- C:\System Volume Information
2017-04-24 10:29:22 ----D---- C:\Program Files (x86)\Overwolf
2017-04-17 20:17:33 ----D---- C:\Users\Qwertiz\AppData\Roaming\discord
2017-04-17 15:22:52 ----D---- C:\Windows\rescache
2017-04-13 12:46:56 ----D---- C:\Windows\Microsoft.NET
2017-04-13 12:43:18 ----RSD---- C:\Windows\assembly
2017-04-12 22:47:52 ----D---- C:\Windows\winsxs
2017-04-12 22:44:40 ----D---- C:\Program Files\Internet Explorer
2017-04-12 22:44:39 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-12 22:44:39 ----D---- C:\Windows\SysWOW64
2017-04-12 22:44:35 ----D---- C:\Windows\system32\en-US
2017-04-12 22:44:31 ----D---- C:\Windows\AppPatch
2017-04-12 22:44:31 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-12 22:44:29 ----D---- C:\Windows\system32\Boot
2017-04-12 01:33:00 ----D---- C:\Windows\system32\MRT
2017-04-12 01:30:49 ----D---- C:\Windows\debug
2017-04-12 01:30:29 ----AC---- C:\Windows\system32\MRT.exe
2017-04-12 01:29:00 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-11 23:06:34 ----D---- C:\Windows\system32\catroot2
2017-04-06 14:39:32 ----D---- C:\Windows\system32\Tasks
2017-04-03 20:37:12 ----D---- C:\Users\Qwertiz\AppData\Roaming\Skype

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2012-04-11 82560]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2012-04-11 42624]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-05 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-05 334088]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-05 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-05 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-05 339696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-05 307736]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-04-05 32600]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-05 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-05 1005048]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-29 556784]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2017-02-09 497312]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-12 59616]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-29 128648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-05 164064]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2013-04-10 11576]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-12-04 28720520]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-12-04 521608]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-30 96256]
R3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2017-03-29 15920]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-27 805088]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2012-08-29 58536]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 26440]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-05 38296]
S3 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2017-03-03 152672]
S3 BstkDrv;BlueStacks Plus Hypervisor; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [2017-03-03 270904]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2017-03-29 22704]
S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2016-09-29 36496]
S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS); C:\Windows\system32\drivers\LGJoyXlCore.sys [2016-09-29 67736]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2016-09-29 26008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-11-05 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-30 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 36936]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-12-04 290184]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-08-04 344064]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-08-05 83768]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-05 261712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2017-03-03 406040]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 FoxitReaderService;Foxit Reader Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-02-24 1659592]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-12-30 76152]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2017-01-29 214520]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-05 7398336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-09-09 651576]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-04-26 1590048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-19 144200]
S2 RelevantKnowledge;RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [2013-08-17 186136]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-02-27 317400]
S2 SpyHunter 4 Service;SpyHunter4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [2017-03-29 859816]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-01-13 1465352]
S3 BstHdAndroidSvc;BlueStacks Android Service ; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2017-03-03 428056]
S3 BstHdPlusAndroidSvc;BlueStacks Plus Android Service ; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [2017-03-03 452632]
S3 GalaxyCommunication;GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2015-11-25 6952504]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-19 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 OverwolfUpdater;Overwolf Updater Windows SCM; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-04-18 1325896]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-11-22 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]

-----------------EOF-----------------

díky za pomoc

[JaRon]

Ahoj,
Nechaj PC vycistit s Mbam

[JoTostao]

Poslouchej, kámo, pokud máte problémy s pohlavní orgány, pak radím ti obrátit vaši pozornost tady na tento web , tak jak je to tady u mě vždy funguje koupit dobrý lék, který pomáhá mému penisu orgán stoupat, stojí to za to a vám

[Rudy]

Omluva za vstup.

2JoTostao: Pokud jste si nevšiml, že jste na IT bezpečnostním fóru, pak vás upozorňuji, že nevhodné a off topic komentáře budeme nekompromisně mazat a vy sám se vystavujete nebezpečí banování!