Redirect to searchadsredirect.com (adware?)
Posted: 05 Mar 2016 19:56
Hi, on almost every page my browser redirects me to some advertising shit.
I don't know what else to do any more; I've tried:
[*] Deleting cookies/cache in the browser
[*] Uninstalling all add-ons in the browser
[*] Changing the DNS servers on the network card
[*] Checking the router + resetting it to factory settings
[*] Using a different network
[*] MBAM, CCleaner, AdwCleaner, Symantec, Ad-Aware
It always redirects me to searchadsredirect.com, its IP is 208.91.196.145, it's some kind of passive DNS server. I'm attaching the RSIT log. Thanks!
Logfile of random's system information tool 1.10 (written by random/random)
Run by mmel at 2016-03-05 19:54:36
Microsoft Windows 8.1 Enterprise N
System drive C: has 15 GB (12%) free of 122 GB
Total RAM: 8065 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:54:37 PM, on 3/5/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\KACE\KBOX\KBOXUserExtension.exe
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mcomm.exe
C:\Users\mmel\AppData\Local\watchdog.exe
C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mlauncher.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\Windows\CCM\SCNotification.exe
C:\Program Files\trend micro\mmel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache34.ics.muni.cz:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Startup: Virtual Router Manager.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.*.akamai.net
O15 - Trusted Zone: *.*.americanexpress.com
O15 - Trusted Zone: *.*.boi-bol.com
O15 - Trusted Zone: *.*.chase.com
O15 - Trusted Zone: *.*.citibank.com
O15 - Trusted Zone: *.*.citidirect.com
O15 - Trusted Zone: *.*.coupahost.com
O15 - Trusted Zone: *.*.csob.cz
O15 - Trusted Zone: *.*.icims.com
O15 - Trusted Zone: *.*.jpmorgan.com
O15 - Trusted Zone: *.*.laiki.com
O15 - Trusted Zone: *.*.microsoft.com
O15 - Trusted Zone: *.*.netsuite.com
O15 - Trusted Zone: *.*.okta.com
O15 - Trusted Zone: *.*.salesforce.com
O15 - Trusted Zone: *.*.swedbank.com
O15 - Trusted Zone: *.crm
O15 - Trusted Zone: *.vlabs.holsystems.com
O15 - Trusted Zone: http://*.www.google-analytics.com (HKLM)
O15 - ESC Trusted Zone: http://*.www.google-analytics.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tul.swi.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tul.swi.net
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @oem67.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (dwmrcs) - SolarWinds - C:\Windows\dwrcs\dwrcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: KBOX SMMP Management Service (KBOXSMMP) - Dell Inc. - C:\Program Files (x86)\KACE\KBOX\KBOXSMMPService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\SysWOW64\srvany.exe
O23 - Service: PanGPS - Palo Alto Networks - C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin64\snac64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Synergy - Unknown owner - C:\Program Files (x86)\Synergy\synergyd.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13109 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"dwm.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"c:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
C:\Windows\dwrcs\dwrcs.exe -service
dashost.exe {286e5fef-1725-4969-9f41df934e2846a8}
C:\Windows\system32\inetsrv\inetinfo.exe
"C:\Program Files (x86)\KACE\KBOX\KBOXSMMPService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\Windows\system32\mqsvc.exe
"C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe"
C:\Windows\system32\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
"C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe"
C:\Windows\sysWOW64\SDIOAssist.exe
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\sms.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Synergy\synergyd.exe"
"C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe"
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:/Program Files (x86)/Synergy/synergyc.exe" -f --no-tray --debug INFO --name MMELOCIK-LT --ipc --stop-on-desk-switch --enable-drag-drop --profile-dir "C:\Users\mmel\AppData\Local" 10.140.66.156:80
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
6129
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\Explorer.EXE
ClassicStartMenu.exe -startup
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
taskeng.exe {0B52257F-5177-4304-A037-0484A6C6311D}
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe" /u /c /a /s "UserSession"
taskhostex.exe
"c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
"c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
C:\Windows\System32\mobsync.exe -Embedding
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\DellTPad\HidFind.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\KACE\KBOX\KBOXUserExtension.exe"
"C:\Program Files\Greenshot\Greenshot.exe"
"C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe"
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe"
"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe" "/Trigger RunAtLogon"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Notepad++\notepad++.exe" "C:\AdwCleaner\AdwCleaner[C1].txt"
"C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mcomm.exe" "Debug=On&Digest=c3d8ae3c6d33965c676029ab8f044824&Dir=C:\Program Files (x86)\Citrix\GoToMeeting\3499\&LoaderPath=C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe&LogLevel=Terse&LogName=c:\users\marek~1.mel\appdata\local\temp\citrixlogs\gotomeeting\3499\2016-03-05_19.40.18.499\GoToMeeting.log&Path=g2mlauncher.exe&Plugin=G2MLauncher&PluginDebug=On&PluginStat=On&PluginStatDb=Off&Stat=On&StatDb=Off&Trigger=RunAtLogon&UniqueId=1e20"
"C:\Users\mmel\AppData\Local\watchdog.exe"
"C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mlauncher.exe" "StartID={F5CBAB62-C6B8-4AF7-90DB-F2006E0DD083}&Debug=On&Stat=On&StatDb=Off&Index=0"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe" -Embedding
C:\Windows\CCM\CcmExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\CCM\SCNotification.exe"
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 580 584 592 65536 588
"C:\Users\mmel\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2000478354-2025429265-682003330-62348.job - C:\Program Files (x86)\Citrix\GoToMeeting\4542\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-2000478354-2025429265-682003330-62348.job - C:\Program Files (x86)\Citrix\GoToMeeting\4542\g2mupload.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\mmel\AppData\Roaming\Mozilla\Firefox\Profiles\5cp7twgk.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll
C:\Users\mmel\AppData\Roaming\Mozilla\Firefox\Profiles\5cp7twgk.default\searchplugins\
fogbugz-fogbugzswdevlocal.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10 218776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20 803520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10 551520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10 212576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20 483520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10 153248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Vulnerability Protection - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\bin\IPS\IPSBHO.DLL [2015-10-23 392344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20 440512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20 803520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2013-06-10 681880]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-06-10 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-06-10 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-06-10 442352]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2014-04-20 161984]
"KBOXUserExtension"=C:\Program Files (x86)\KACE\KBOX\KBOXUserExtension.exe [2010-06-14 496128]
"Greenshot"=C:\Program Files\Greenshot\Greenshot.exe [2015-11-10 528384]
"GlobalProtect"=C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [2015-09-10 1802032]
"DameWare MRC Agent"=C:\Windows\dwrcs\DWRCST.exe [2012-11-02 425832]
""= []
"AdAwareTray"=C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [2016-01-28 9581280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Lync"=C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [2015-02-10 19105944]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-02-12 8641240]
"GoToMeeting"=C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe [2015-09-29 41536]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-02-10 50599552]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
vpngui.exe.lnk - c:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
C:\Users\mmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Send to OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
Virtual Router Manager.lnk - C:\Users\mmel\AppData\Roaming\Microsoft\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-06-10 442880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSettings_{1965D917-E2FF-4B93-999C-901F0AB03984}.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-05 19:43:08 ----D---- C:\Program Files\trend micro
2016-03-05 19:43:07 ----D---- C:\rsit
2016-03-05 19:37:39 ----D---- C:\AdwCleaner
2016-03-05 18:55:24 ----D---- C:\Users\mmel\AppData\Roaming\Lavasoft
2016-03-05 16:45:43 ----D---- C:\Users\mmel\AppData\Roaming\LavasoftStatistics
2016-03-05 16:44:19 ----D---- C:\Program Files\Lavasoft
2016-03-05 16:43:23 ----D---- C:\Program Files\Common Files\Lavasoft
2016-03-05 16:42:47 ----D---- C:\ProgramData\Lavasoft
2016-03-05 16:34:20 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-03-05 16:34:06 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-05 16:34:06 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-03-05 16:34:06 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-03-05 16:34:06 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-03-04 07:30:24 ----D---- C:\Users\mmel\AppData\Roaming\Softplicity
2016-03-04 07:30:16 ----D---- C:\Program Files (x86)\CoolUtils
2016-02-29 09:03:12 ----D---- C:\ProgramData\Malwarebytes
2016-02-26 18:33:47 ----A---- C:\Windows\SYSWOW64\srvany.exe
2016-02-26 18:33:47 ----A---- C:\Windows\SYSWOW64\SDIOAssist.exe
2016-02-26 18:33:47 ----A---- C:\Windows\SYSWOW64\instsrv.exe
2016-02-26 18:33:37 ----D---- C:\Windows\devcon
2016-02-26 18:24:50 ----D---- C:\Windows\SYSWOW64\SDA
2016-02-12 08:02:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-02-11 13:48:33 ----D---- C:\Program Files\Bonjour
2016-02-11 13:48:33 ----D---- C:\Program Files (x86)\Bonjour
2016-02-11 13:40:59 ----D---- C:\Program Files (x86)\Synergy
======List of files/folders modified in the last 1 month======
2016-03-05 19:54:21 ----D---- C:\Windows\Prefetch
2016-03-05 19:50:36 ----D---- C:\Users\mmel\AppData\Roaming\Skype
2016-03-05 19:48:16 ----D---- C:\Windows\Temp
2016-03-05 19:45:53 ----D---- C:\Users\mmel\AppData\Roaming\ClassicShell
2016-03-05 19:43:54 ----D---- C:\Windows\System32
2016-03-05 19:43:54 ----D---- C:\Windows\Inf
2016-03-05 19:43:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-05 19:43:08 ----RD---- C:\Program Files
2016-03-05 19:41:58 ----A---- C:\Windows\SMSCFG.ini
2016-03-05 19:41:39 ----D---- C:\Windows\system32\inetsrv
2016-03-05 19:39:33 ----SHD---- C:\System Volume Information
2016-03-05 19:00:00 ----D---- C:\Windows\system32\sru
2016-03-05 17:09:20 ----D---- C:\Windows\ccmsetup
2016-03-05 16:58:34 ----D---- C:\Windows\Microsoft.NET
2016-03-05 16:57:36 ----D---- C:\Windows\system32\DriverStore
2016-03-05 16:45:42 ----SHD---- C:\Windows\Installer
2016-03-05 16:45:42 ----SHD---- C:\Config.Msi
2016-03-05 16:44:23 ----D---- C:\Windows\system32\drivers
2016-03-05 16:43:23 ----D---- C:\Program Files\Common Files
2016-03-05 16:42:47 ----HD---- C:\ProgramData
2016-03-05 16:34:06 ----RD---- C:\Program Files (x86)
2016-03-05 16:31:39 ----D---- C:\Windows\system32\NDF
2016-03-05 16:28:18 ----D---- C:\Windows\Tasks
2016-03-05 16:25:28 ----D---- C:\Windows
2016-03-05 16:10:38 ----D---- C:\Program Files\Java
2016-03-05 16:07:02 ----A---- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-05 16:06:01 ----RSD---- C:\Windows\assembly
2016-03-05 13:34:26 ----D---- C:\Windows\AppReadiness
2016-03-05 12:25:17 ----D---- C:\Windows\SoftwareDistribution
2016-03-04 21:49:09 ----D---- C:\Users\mmel\AppData\Roaming\vlc
2016-03-04 08:19:20 ----D---- C:\Windows\system32\FxsTmp
2016-03-03 13:31:56 ----D---- C:\Users\mmel\AppData\Roaming\Notepad++
2016-03-03 13:31:55 ----D---- C:\Program Files (x86)\Notepad++
2016-03-03 09:06:07 ----D---- C:\Windows\system32\config
2016-03-03 09:04:27 ----D---- C:\ProgramData\Skype
2016-02-27 13:44:33 ----D---- C:\Users\mmel\AppData\Roaming\Adobe
2016-02-26 18:33:47 ----D---- C:\Windows\SysWOW64
2016-02-26 18:33:35 ----D---- C:\Windows\system32\catroot
2016-02-26 18:24:51 ----D---- C:\Program Files (x86)\InstallShield Installation Information
2016-02-26 18:24:50 ----D---- C:\Program Files (x86)\O2Micro
2016-02-13 10:52:20 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-13 10:51:06 ----D---- C:\Windows\Minidump
2016-02-10 15:47:12 ----D---- C:\ProgramData\Oracle
2016-02-10 15:18:46 ----D---- C:\Program Files (x86)\Java
2016-02-10 15:18:06 ----D---- C:\Program Files (x86)\Common Files
2016-02-10 15:17:38 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-10 15:17:37 ----A---- C:\Windows\system32\javaws.exe
2016-02-10 15:17:37 ----A---- C:\Windows\system32\javaw.exe
2016-02-10 15:17:37 ----A---- C:\Windows\system32\java.exe
2016-02-10 15:16:57 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-02-10 08:53:14 ----HD---- C:\Program Files\WindowsApps
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2012-07-14 22168]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\symefasi\0502000.004\symefasi.sys [2016-01-26 1626336]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\BASHDefs\20160125.011\BHDrvx64.sys [2015-11-03 1665608]
R1 ccSettings_{1965D917-E2FF-4B93-999C-901F0AB03984};Symantec Endpoint Protection 12.1.6608.6300.105 Settings Manager; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\ccSetx64.sys [2015-10-23 162392]
R1 DwMirror;DwMirror; C:\Windows\system32\DRIVERS\DamewareMini.sys [2008-03-14 5632]
R1 dwvkbd;@oem64.inf,%dwvkbd64.SvcDesc%;DameWare Virtual Keyboard 64 bit Driver; C:\Windows\system32\DRIVERS\dwvkbd64.sys [2008-03-13 30720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-11-18 498512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\IPSDefs\20160304.011\IDSvia64.sys [2016-02-16 767224]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SRTSP64.SYS [2015-10-23 890584]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SRTSPX64.SYS [2015-10-23 37592]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\Ironx64.SYS [2015-10-23 270040]
R1 SYMNETS;Symantec Network Security WFP Driver; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SYMNETS.SYS [2015-10-23 594136]
R1 SysPlant;SysPlant for NT; C:\Windows\system32\Drivers\SysPlant.sys [2016-01-26 168304]
R1 Teefer2;@oem40.inf,%Teefer2_Desc%;Symantec Endpoint Protection Firewall; C:\Windows\system32\DRIVERS\Teefer.sys [2015-10-23 112648]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2014-04-18 36600]
R3 ApfiltrService;@oem45.inf,%Filter.SvcDesc%;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\System32\drivers\Apfiltr.sys [2013-06-10 446840]
R3 b57nd60a;@netb57va.inf,%SvcDispName%;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys [2013-06-18 425984]
R3 bcbtums;@oem67.inf,%BCBTUMS.SvcDesc%;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-09-05 170712]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\c:\Windows\system32\Drivers\CVPNDRVA.sys [2011-03-04 306536]
R3 DellRbtn;@oem9.inf,%DellRbtn%;Airplane Mode Switch; C:\Windows\System32\drivers\DellRbtn.sys [2013-02-12 10752]
R3 DNE;@oem70.inf,%DneMP_Desc%;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne64x.sys [2008-11-17 157968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-11-18 157520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-06-10 5358016]
R3 IntcDAud;@oem48.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-06-10 342528]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-03-05 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 64216]
R3 MEIx64;@oem68.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-18 62784]
R3 MQAC;@mqutil.dll,-6101; C:\Windows\system32\drivers\mqac.sys [2014-06-16 173568]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\VirusDefs\20160304.020\ENG64.SYS [2015-10-27 138488]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\VirusDefs\20160304.020\EX64.SYS [2015-10-27 2148080]
R3 NETwNe64;@netwew00.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\Windows\system32\DRIVERS\NETwew00.sys [2013-07-08 3344352]
R3 O2SDJRDR;O2SDJRDR; C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [2011-11-14 84712]
R3 PanGpd;@oem36.inf,%PanGpd.Service.DispName%;PanGP Virtual Miniport; C:\Windows\system32\DRIVERS\pangpd.sys [2015-09-10 36352]
R3 prepdrvr;SMS Process Event Driver; C:\Windows\system32\DRIVERS\prepdrv.sys [2013-09-11 26984]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2014-03-18 167424]
R3 ST_Accel;@oem8.inf,%ST_Accel.SVCDESC%;STMicroelectronics Accelerometer Service; C:\Windows\System32\drivers\ST_Accel.sys [2012-10-19 73368]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2016-01-26 178392]
S0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-06-10 647736]
S0 SymELAM;Symantec ELAM Driver; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SymELAM.sys [2015-10-23 23568]
S3 Acceler;@oem29.inf,%Accelern.SVCDESC%;Accelerometer Service; C:\Windows\System32\drivers\accelern.sys [2013-06-10 27760]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2014-03-18 1200640]
S3 btwampfl;@oem67.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-09-05 166104]
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 d554gps;@oem32.inf,%ServiceName%;Dell Wireless HSPA Mini-Card GPS Port; C:\Windows\System32\drivers\d554gps64.sys [2013-06-10 103184]
S3 dc3d;@oem40.inf,%dc3d.SvcDesc%;MS Hardware Device Detection Driver (USB); C:\Windows\System32\drivers\dc3d.sys [2011-05-18 47616]
S3 dcdbas;@oem25.inf,%dcdbas.SVCDESC%;System Management Driver; C:\Windows\System32\drivers\dcdbas64.sys [2013-06-10 39016]
S3 ecnssndis;@oem44.inf,%Ericsson.SvcDesc%; Mobile Broadband Driver; C:\Windows\System32\Drivers\wwuss64.sys [2013-06-10 26664]
S3 ecnssndisfltr;@oem44.inf,%Ericsson.FltSvcDesc%; Mobile Broadband Driver Filter; C:\Windows\System32\Drivers\wwussf64.sys [2013-06-10 29736]
S3 Mbm3CBus;@oem40.inf,%d557.Service.Desc%;Dell Wireless 5540 HSPA Mini-Card Device (WDM); C:\Windows\System32\drivers\Mbm3CBus.sys [2013-06-10 419400]
S3 Mbm3DevMt;@oem42.inf,%d557.Service.Name%;Dell Wireless HSPA Mini-Card Device Management Driver (WDM); C:\Windows\System32\drivers\Mbm3DevMt.sys [2013-06-10 430664]
S3 O2MDFW8x64;O2MDFW8x64; C:\Windows\System32\drivers\O2MDFw8x64.sys [2013-06-10 74368]
S3 O2MDRW8x64;O2MDRW8x64; C:\Windows\System32\drivers\O2MDRw8x64.sys [2013-06-10 91008]
S3 Point64;@oem76.inf,%point64.SvcDesc%;Microsoft Mouse and Keyboard Center Filter Driver; C:\Windows\System32\drivers\point64.sys [2014-03-19 50896]
S3 SyDvCtrl;SyDvCtrl; \??\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin64\SyDvCtrl64.sys [2015-10-23 36952]
S3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2015-12-09 452040]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2014-03-18 121088]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2013-08-22 37768]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 CcmExec;SMS Agent Host; C:\Windows\CCM\CcmExec.exe [2015-10-04 1773744]
R2 CVPND;Cisco Systems, Inc. VPN Service; c:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2011-03-04 1529856]
R2 dwmrcs;DameWare Mini Remote Control; C:\Windows\dwrcs\dwrcs.exe [2012-11-02 869736]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2014-06-16 16896]
R2 KBOXSMMP;KBOX SMMP Management Service; C:\Program Files (x86)\KACE\KBOX\KBOXSMMPService.exe [2010-06-14 2237440]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MSMQ;@mqutil.dll,-6102; C:\Windows\system32\mqsvc.exe [2014-06-16 25600]
R2 NovaPdfServer;novaPDF Server; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [2015-07-14 41760]
R2 O2FLASH;O2FLASH; C:\Windows\system32\o2flash.exe [2011-11-16 244328]
R2 O2SDIOAssist;O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [2003-04-18 8192]
R2 PanGPS;PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [2015-09-10 2672944]
R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe [2015-10-23 145008]
R2 Synergy;Synergy; C:\Program Files (x86)\Synergy\synergyd.exe [2015-11-19 253120]
R3 lpasvc;Microsoft Policy Platform Local Authority; C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-08-02 50280]
S2 BcmBtRSupport;@oem67.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-09-05 2252504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [2016-01-28 712432]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10 269504]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-06-10 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 lppsvc;Microsoft Policy Platform Processor; C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-08-02 50280]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-12 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 150648]
S3 smstsmgr;ConfigMgr Task Sequence Agent; C:\Windows\CCM\TSManager.exe [2015-04-14 316600]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin64\snac64.exe [2015-10-23 396344]
S4 CmRcService;Configuration Manager Remote Control; C:\Windows\CCM\RemCtrl\CmRcService.exe [2015-04-14 671928]
-----------------EOF-----------------
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache34.ics.muni.cz:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Startup: Virtual Router Manager.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.*.akamai.net
O15 - Trusted Zone: *.*.americanexpress.com
O15 - Trusted Zone: *.*.boi-bol.com
O15 - Trusted Zone: *.*.chase.com
O15 - Trusted Zone: *.*.citibank.com
O15 - Trusted Zone: *.*.citidirect.com
O15 - Trusted Zone: *.*.coupahost.com
O15 - Trusted Zone: *.*.csob.cz
O15 - Trusted Zone: *.*.icims.com
O15 - Trusted Zone: *.*.jpmorgan.com
O15 - Trusted Zone: *.*.laiki.com
O15 - Trusted Zone: *.*.microsoft.com
O15 - Trusted Zone: *.*.netsuite.com
O15 - Trusted Zone: *.*.okta.com
O15 - Trusted Zone: *.*.salesforce.com
O15 - Trusted Zone: *.*.swedbank.com
O15 - Trusted Zone: *.crm
O15 - Trusted Zone: *.vlabs.holsystems.com
O15 - Trusted Zone: http://*.www.google-analytics.com (HKLM)
O15 - ESC Trusted Zone: http://*.www.google-analytics.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tul.swi.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tul.swi.net
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @oem67.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (dwmrcs) - SolarWinds - C:\Windows\dwrcs\dwrcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: KBOX SMMP Management Service (KBOXSMMP) - Dell Inc. - C:\Program Files (x86)\KACE\KBOX\KBOXSMMPService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\SysWOW64\srvany.exe
O23 - Service: PanGPS - Palo Alto Networks - C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin64\snac64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Synergy - Unknown owner - C:\Program Files (x86)\Synergy\synergyd.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13109 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"dwm.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"c:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
C:\Windows\dwrcs\dwrcs.exe -service
dashost.exe {286e5fef-1725-4969-9f41df934e2846a8}
C:\Windows\system32\inetsrv\inetinfo.exe
"C:\Program Files (x86)\KACE\KBOX\KBOXSMMPService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\Windows\system32\mqsvc.exe
"C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe"
C:\Windows\system32\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
"C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe"
C:\Windows\sysWOW64\SDIOAssist.exe
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\sms.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Synergy\synergyd.exe"
"C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe"
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:/Program Files (x86)/Synergy/synergyc.exe" -f --no-tray --debug INFO --name MMELOCIK-LT --ipc --stop-on-desk-switch --enable-drag-drop --profile-dir "C:\Users\mmel\AppData\Local" 10.140.66.156:80
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
6129
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\Explorer.EXE
ClassicStartMenu.exe -startup
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
taskeng.exe {0B52257F-5177-4304-A037-0484A6C6311D}
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe" /u /c /a /s "UserSession"
taskhostex.exe
"c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
"c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
C:\Windows\System32\mobsync.exe -Embedding
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\DellTPad\HidFind.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\KACE\KBOX\KBOXUserExtension.exe"
"C:\Program Files\Greenshot\Greenshot.exe"
"C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe"
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe"
"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe" "/Trigger RunAtLogon"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Notepad++\notepad++.exe" "C:\AdwCleaner\AdwCleaner[C1].txt"
"C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mcomm.exe" "Debug=On&Digest=c3d8ae3c6d33965c676029ab8f044824&Dir=C:\Program Files (x86)\Citrix\GoToMeeting\3499\&LoaderPath=C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe&LogLevel=Terse&LogName=c:\users\marek~1.mel\appdata\local\temp\citrixlogs\gotomeeting\3499\2016-03-05_19.40.18.499\GoToMeeting.log&Path=g2mlauncher.exe&Plugin=G2MLauncher&PluginDebug=On&PluginStat=On&PluginStatDb=Off&Stat=On&StatDb=Off&Trigger=RunAtLogon&UniqueId=1e20"
"C:\Users\mmel\AppData\Local\watchdog.exe"
"C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mlauncher.exe" "StartID={F5CBAB62-C6B8-4AF7-90DB-F2006E0DD083}&Debug=On&Stat=On&StatDb=Off&Index=0"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe" -Embedding
C:\Windows\CCM\CcmExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\CCM\SCNotification.exe"
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 580 584 592 65536 588
"C:\Users\mmel\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2000478354-2025429265-682003330-62348.job - C:\Program Files (x86)\Citrix\GoToMeeting\4542\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-2000478354-2025429265-682003330-62348.job - C:\Program Files (x86)\Citrix\GoToMeeting\4542\g2mupload.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\mmel\AppData\Roaming\Mozilla\Firefox\Profiles\5cp7twgk.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll
C:\Users\mmel\AppData\Roaming\Mozilla\Firefox\Profiles\5cp7twgk.default\searchplugins\
fogbugz-fogbugzswdevlocal.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10 218776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20 803520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10 551520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10 212576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20 483520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10 153248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Vulnerability Protection - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\bin\IPS\IPSBHO.DLL [2015-10-23 392344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20 440512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20 803520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2013-06-10 681880]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-06-10 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-06-10 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-06-10 442352]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2014-04-20 161984]
"KBOXUserExtension"=C:\Program Files (x86)\KACE\KBOX\KBOXUserExtension.exe [2010-06-14 496128]
"Greenshot"=C:\Program Files\Greenshot\Greenshot.exe [2015-11-10 528384]
"GlobalProtect"=C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [2015-09-10 1802032]
"DameWare MRC Agent"=C:\Windows\dwrcs\DWRCST.exe [2012-11-02 425832]
""= []
"AdAwareTray"=C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [2016-01-28 9581280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Lync"=C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [2015-02-10 19105944]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-02-12 8641240]
"GoToMeeting"=C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe [2015-09-29 41536]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-02-10 50599552]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
vpngui.exe.lnk - c:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
C:\Users\mmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Send to OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
Virtual Router Manager.lnk - C:\Users\mmel\AppData\Roaming\Microsoft\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-06-10 442880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSettings_{1965D917-E2FF-4B93-999C-901F0AB03984}.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-05 19:43:08 ----D---- C:\Program Files\trend micro
2016-03-05 19:43:07 ----D---- C:\rsit
2016-03-05 19:37:39 ----D---- C:\AdwCleaner
2016-03-05 18:55:24 ----D---- C:\Users\mmel\AppData\Roaming\Lavasoft
2016-03-05 16:45:43 ----D---- C:\Users\mmel\AppData\Roaming\LavasoftStatistics
2016-03-05 16:44:19 ----D---- C:\Program Files\Lavasoft
2016-03-05 16:43:23 ----D---- C:\Program Files\Common Files\Lavasoft
2016-03-05 16:42:47 ----D---- C:\ProgramData\Lavasoft
2016-03-05 16:34:20 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-03-05 16:34:06 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-05 16:34:06 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-03-05 16:34:06 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-03-05 16:34:06 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-03-04 07:30:24 ----D---- C:\Users\mmel\AppData\Roaming\Softplicity
2016-03-04 07:30:16 ----D---- C:\Program Files (x86)\CoolUtils
2016-02-29 09:03:12 ----D---- C:\ProgramData\Malwarebytes
2016-02-26 18:33:47 ----A---- C:\Windows\SYSWOW64\srvany.exe
2016-02-26 18:33:47 ----A---- C:\Windows\SYSWOW64\SDIOAssist.exe
2016-02-26 18:33:47 ----A---- C:\Windows\SYSWOW64\instsrv.exe
2016-02-26 18:33:37 ----D---- C:\Windows\devcon
2016-02-26 18:24:50 ----D---- C:\Windows\SYSWOW64\SDA
2016-02-12 08:02:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-02-11 13:48:33 ----D---- C:\Program Files\Bonjour
2016-02-11 13:48:33 ----D---- C:\Program Files (x86)\Bonjour
2016-02-11 13:40:59 ----D---- C:\Program Files (x86)\Synergy
======List of files/folders modified in the last 1 month======
2016-03-05 19:54:21 ----D---- C:\Windows\Prefetch
2016-03-05 19:50:36 ----D---- C:\Users\mmel\AppData\Roaming\Skype
2016-03-05 19:48:16 ----D---- C:\Windows\Temp
2016-03-05 19:45:53 ----D---- C:\Users\mmel\AppData\Roaming\ClassicShell
2016-03-05 19:43:54 ----D---- C:\Windows\System32
2016-03-05 19:43:54 ----D---- C:\Windows\Inf
2016-03-05 19:43:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-05 19:43:08 ----RD---- C:\Program Files
2016-03-05 19:41:58 ----A---- C:\Windows\SMSCFG.ini
2016-03-05 19:41:39 ----D---- C:\Windows\system32\inetsrv
2016-03-05 19:39:33 ----SHD---- C:\System Volume Information
2016-03-05 19:00:00 ----D---- C:\Windows\system32\sru
2016-03-05 17:09:20 ----D---- C:\Windows\ccmsetup
2016-03-05 16:58:34 ----D---- C:\Windows\Microsoft.NET
2016-03-05 16:57:36 ----D---- C:\Windows\system32\DriverStore
2016-03-05 16:45:42 ----SHD---- C:\Windows\Installer
2016-03-05 16:45:42 ----SHD---- C:\Config.Msi
2016-03-05 16:44:23 ----D---- C:\Windows\system32\drivers
2016-03-05 16:43:23 ----D---- C:\Program Files\Common Files
2016-03-05 16:42:47 ----HD---- C:\ProgramData
2016-03-05 16:34:06 ----RD---- C:\Program Files (x86)
2016-03-05 16:31:39 ----D---- C:\Windows\system32\NDF
2016-03-05 16:28:18 ----D---- C:\Windows\Tasks
2016-03-05 16:25:28 ----D---- C:\Windows
2016-03-05 16:10:38 ----D---- C:\Program Files\Java
2016-03-05 16:07:02 ----A---- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-05 16:06:01 ----RSD---- C:\Windows\assembly
2016-03-05 13:34:26 ----D---- C:\Windows\AppReadiness
2016-03-05 12:25:17 ----D---- C:\Windows\SoftwareDistribution
2016-03-04 21:49:09 ----D---- C:\Users\mmel\AppData\Roaming\vlc
2016-03-04 08:19:20 ----D---- C:\Windows\system32\FxsTmp
2016-03-03 13:31:56 ----D---- C:\Users\mmel\AppData\Roaming\Notepad++
2016-03-03 13:31:55 ----D---- C:\Program Files (x86)\Notepad++
2016-03-03 09:06:07 ----D---- C:\Windows\system32\config
2016-03-03 09:04:27 ----D---- C:\ProgramData\Skype
2016-02-27 13:44:33 ----D---- C:\Users\mmel\AppData\Roaming\Adobe
2016-02-26 18:33:47 ----D---- C:\Windows\SysWOW64
2016-02-26 18:33:35 ----D---- C:\Windows\system32\catroot
2016-02-26 18:24:51 ----D---- C:\Program Files (x86)\InstallShield Installation Information
2016-02-26 18:24:50 ----D---- C:\Program Files (x86)\O2Micro
2016-02-13 10:52:20 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-13 10:51:06 ----D---- C:\Windows\Minidump
2016-02-10 15:47:12 ----D---- C:\ProgramData\Oracle
2016-02-10 15:18:46 ----D---- C:\Program Files (x86)\Java
2016-02-10 15:18:06 ----D---- C:\Program Files (x86)\Common Files
2016-02-10 15:17:38 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-10 15:17:37 ----A---- C:\Windows\system32\javaws.exe
2016-02-10 15:17:37 ----A---- C:\Windows\system32\javaw.exe
2016-02-10 15:17:37 ----A---- C:\Windows\system32\java.exe
2016-02-10 15:16:57 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-02-10 08:53:14 ----HD---- C:\Program Files\WindowsApps
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2012-07-14 22168]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\symefasi\0502000.004\symefasi.sys [2016-01-26 1626336]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\BASHDefs\20160125.011\BHDrvx64.sys [2015-11-03 1665608]
R1 ccSettings_{1965D917-E2FF-4B93-999C-901F0AB03984};Symantec Endpoint Protection 12.1.6608.6300.105 Settings Manager; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\ccSetx64.sys [2015-10-23 162392]
R1 DwMirror;DwMirror; C:\Windows\system32\DRIVERS\DamewareMini.sys [2008-03-14 5632]
R1 dwvkbd;@oem64.inf,%dwvkbd64.SvcDesc%;DameWare Virtual Keyboard 64 bit Driver; C:\Windows\system32\DRIVERS\dwvkbd64.sys [2008-03-13 30720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-11-18 498512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\IPSDefs\20160304.011\IDSvia64.sys [2016-02-16 767224]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SRTSP64.SYS [2015-10-23 890584]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SRTSPX64.SYS [2015-10-23 37592]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\Ironx64.SYS [2015-10-23 270040]
R1 SYMNETS;Symantec Network Security WFP Driver; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SYMNETS.SYS [2015-10-23 594136]
R1 SysPlant;SysPlant for NT; C:\Windows\system32\Drivers\SysPlant.sys [2016-01-26 168304]
R1 Teefer2;@oem40.inf,%Teefer2_Desc%;Symantec Endpoint Protection Firewall; C:\Windows\system32\DRIVERS\Teefer.sys [2015-10-23 112648]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2014-04-18 36600]
R3 ApfiltrService;@oem45.inf,%Filter.SvcDesc%;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\System32\drivers\Apfiltr.sys [2013-06-10 446840]
R3 b57nd60a;@netb57va.inf,%SvcDispName%;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys [2013-06-18 425984]
R3 bcbtums;@oem67.inf,%BCBTUMS.SvcDesc%;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-09-05 170712]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\c:\Windows\system32\Drivers\CVPNDRVA.sys [2011-03-04 306536]
R3 DellRbtn;@oem9.inf,%DellRbtn%;Airplane Mode Switch; C:\Windows\System32\drivers\DellRbtn.sys [2013-02-12 10752]
R3 DNE;@oem70.inf,%DneMP_Desc%;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne64x.sys [2008-11-17 157968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-11-18 157520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-06-10 5358016]
R3 IntcDAud;@oem48.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-06-10 342528]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-03-05 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 64216]
R3 MEIx64;@oem68.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-18 62784]
R3 MQAC;@mqutil.dll,-6101; C:\Windows\system32\drivers\mqac.sys [2014-06-16 173568]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\VirusDefs\20160304.020\ENG64.SYS [2015-10-27 138488]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\VirusDefs\20160304.020\EX64.SYS [2015-10-27 2148080]
R3 NETwNe64;@netwew00.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\Windows\system32\DRIVERS\NETwew00.sys [2013-07-08 3344352]
R3 O2SDJRDR;O2SDJRDR; C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [2011-11-14 84712]
R3 PanGpd;@oem36.inf,%PanGpd.Service.DispName%;PanGP Virtual Miniport; C:\Windows\system32\DRIVERS\pangpd.sys [2015-09-10 36352]
R3 prepdrvr;SMS Process Event Driver; C:\Windows\system32\DRIVERS\prepdrv.sys [2013-09-11 26984]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2014-03-18 167424]
R3 ST_Accel;@oem8.inf,%ST_Accel.SVCDESC%;STMicroelectronics Accelerometer Service; C:\Windows\System32\drivers\ST_Accel.sys [2012-10-19 73368]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2016-01-26 178392]
S0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-06-10 647736]
S0 SymELAM;Symantec ELAM Driver; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SymELAM.sys [2015-10-23 23568]
S3 Acceler;@oem29.inf,%Accelern.SVCDESC%;Accelerometer Service; C:\Windows\System32\drivers\accelern.sys [2013-06-10 27760]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2014-03-18 1200640]
S3 btwampfl;@oem67.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-09-05 166104]
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 d554gps;@oem32.inf,%ServiceName%;Dell Wireless HSPA Mini-Card GPS Port; C:\Windows\System32\drivers\d554gps64.sys [2013-06-10 103184]
S3 dc3d;@oem40.inf,%dc3d.SvcDesc%;MS Hardware Device Detection Driver (USB); C:\Windows\System32\drivers\dc3d.sys [2011-05-18 47616]
S3 dcdbas;@oem25.inf,%dcdbas.SVCDESC%;System Management Driver; C:\Windows\System32\drivers\dcdbas64.sys [2013-06-10 39016]
S3 ecnssndis;@oem44.inf,%Ericsson.SvcDesc%; Mobile Broadband Driver; C:\Windows\System32\Drivers\wwuss64.sys [2013-06-10 26664]
S3 ecnssndisfltr;@oem44.inf,%Ericsson.FltSvcDesc%; Mobile Broadband Driver Filter; C:\Windows\System32\Drivers\wwussf64.sys [2013-06-10 29736]
S3 Mbm3CBus;@oem40.inf,%d557.Service.Desc%;Dell Wireless 5540 HSPA Mini-Card Device (WDM); C:\Windows\System32\drivers\Mbm3CBus.sys [2013-06-10 419400]
S3 Mbm3DevMt;@oem42.inf,%d557.Service.Name%;Dell Wireless HSPA Mini-Card Device Management Driver (WDM); C:\Windows\System32\drivers\Mbm3DevMt.sys [2013-06-10 430664]
S3 O2MDFW8x64;O2MDFW8x64; C:\Windows\System32\drivers\O2MDFw8x64.sys [2013-06-10 74368]
S3 O2MDRW8x64;O2MDRW8x64; C:\Windows\System32\drivers\O2MDRw8x64.sys [2013-06-10 91008]
S3 Point64;@oem76.inf,%point64.SvcDesc%;Microsoft Mouse and Keyboard Center Filter Driver; C:\Windows\System32\drivers\point64.sys [2014-03-19 50896]
S3 SyDvCtrl;SyDvCtrl; \??\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin64\SyDvCtrl64.sys [2015-10-23 36952]
S3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2015-12-09 452040]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2014-03-18 121088]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2013-08-22 37768]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 CcmExec;SMS Agent Host; C:\Windows\CCM\CcmExec.exe [2015-10-04 1773744]
R2 CVPND;Cisco Systems, Inc. VPN Service; c:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2011-03-04 1529856]
R2 dwmrcs;DameWare Mini Remote Control; C:\Windows\dwrcs\dwrcs.exe [2012-11-02 869736]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2014-06-16 16896]
R2 KBOXSMMP;KBOX SMMP Management Service; C:\Program Files (x86)\KACE\KBOX\KBOXSMMPService.exe [2010-06-14 2237440]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MSMQ;@mqutil.dll,-6102; C:\Windows\system32\mqsvc.exe [2014-06-16 25600]
R2 NovaPdfServer;novaPDF Server; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [2015-07-14 41760]
R2 O2FLASH;O2FLASH; C:\Windows\system32\o2flash.exe [2011-11-16 244328]
R2 O2SDIOAssist;O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [2003-04-18 8192]
R2 PanGPS;PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [2015-09-10 2672944]
R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe [2015-10-23 145008]
R2 Synergy;Synergy; C:\Program Files (x86)\Synergy\synergyd.exe [2015-11-19 253120]
R3 lpasvc;Microsoft Policy Platform Local Authority; C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-08-02 50280]
S2 BcmBtRSupport;@oem67.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-09-05 2252504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [2016-01-28 712432]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10 269504]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-06-10 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 lppsvc;Microsoft Policy Platform Processor; C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-08-02 50280]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-12 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 150648]
S3 smstsmgr;ConfigMgr Task Sequence Agent; C:\Windows\CCM\TSManager.exe [2015-04-14 316600]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin64\snac64.exe [2015-10-23 396344]
S4 CmRcService;Configuration Manager Remote Control; C:\Windows\CCM\RemCtrl\CmRcService.exe [2015-04-14 671928]
-----------------EOF-----------------
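The log above is raw RSIT output, and most of its lines are noise to a reader. The script below is an added example (not part of the original post and not RSIT's own code) that parses this log format: it splits the text into its ======Section====== blocks, extracts every image path from each line and reports only the entries an analyst would read first: services marked "(file missing)", executables outside Windows/Program Files, host/wrapper binaries such as srvany.exe whose real target is not in the log, and command lines carrying an IP:port. The sample log lines are copied from the post above; the trusted-directory list and the wrapper list are the example's own assumptions and give a triage heuristic, not a verdict.

```python
"""Triage helper for RSIT / HijackThis-style logs.

Added example, not part of the original post and not RSIT's own code.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A drive-letter path ending in an executable-ish extension, stopped by a quote,
# whitespace, ')' or end of line. RSIT sometimes prints forward slashes.
PATH_RE = re.compile(
    r"([a-z]:[\\/][^\"\[\]\r\n]*?\.(?:exe|dll|sys|job|scr|bat|cmd))(?=\s|\"|\)|$)",
    re.IGNORECASE,
)
ENDPOINT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")

# Assumption: where installed software normally lives. Anything else (user
# profile, Temp, ProgramData, drive root) is worth a look. AV definition
# drivers under ProgramData will show up too; that is expected noise.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
)
# Assumption: host/wrapper binaries whose image path says nothing about what
# really runs. srvany.exe starts whatever its service's Parameters\Application
# registry value points at, and RSIT does not print that value.
WRAPPERS = {"srvany.exe", "rundll32.exe", "regsvr32.exe",
            "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_sections(text):
    """Map each ======Section====== title to its non-empty lines."""
    sections = defaultdict(list)
    current = "preamble"          # HijackThis part before the first RSIT header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def normalize(path):
    return path.replace("/", "\\")


def is_trusted(path):
    return normalize(path).lower().startswith(TRUSTED_PREFIXES)


def triage(text):
    """Return [{'section', 'line', 'reasons'}] for lines worth a closer look."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            reasons = []
            if "(file missing)" in line.lower():
                reasons.append("file missing")
            for p in (normalize(p) for p in PATH_RE.findall(line)):
                if not is_trusted(p):
                    reasons.append(f"outside Windows/Program Files: {p}")
                if p.lower().rsplit("\\", 1)[-1] in WRAPPERS:
                    reasons.append(f"wrapper binary, real target not in log: {p}")
            ep = ENDPOINT_RE.search(line)
            if ep:
                reasons.append(f"network endpoint on command line: {ep.group(0)}")
            if reasons:
                findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG = r"""
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
======Listing Processes======
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Users\mmel\AppData\Local\watchdog.exe"
"C:/Program Files (x86)/Synergy/synergyc.exe" -f --no-tray --name MMELOCIK-LT 10.140.66.156:80
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Greenshot"=C:\Program Files\Greenshot\Greenshot.exe [2015-11-10 528384]
""= []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 O2SDIOAssist;O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [2003-04-18 8192]
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\BASHDefs\20160125.011\BHDrvx64.sys [2015-11-03 1665608]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['line'][:80]}")
        for r in f["reasons"]:
            print("    -", r)
```

Run it against a saved RSIT log with `triage(open("info.txt", encoding="utf-8", errors="replace").read())`; on the sample it reduces twelve log lines to five findings (the missing-file service, watchdog.exe in AppData, the synergyc.exe command line talking to 10.140.66.156:80, the srvany.exe wrapper and the Symantec definition driver under ProgramData), and the ordinary svchost, Google Update and Greenshot entries fall away.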