VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Virus COM Surrogate?

https://forum.viry.cz:443/viewtopic.php?t=149425

Stránka 1 z 2

Virus COM Surrogate?

Napsal: 07 črc 2016 18:10
od jiri.s
Zdravím, když jsem chtěl z jednoho .docx souboru vymazat skrze Vlastnosti osobní údaje, dostal jsem zpět okno, které tvrdilo, že je soubor spuštěn v COM Surrogate a nechť ten program vypnu. Když jsem se mrkl do procesů, skutečně tam takový proces byl jako COM Surrogate. Ovšem situace se celá opakovala. Zajímavé je, že když dám ve Správci úloh záložku podrobnosti, vidím tam dva procesy dllhost.exe s tímto názvem a po malé chviličce se skryjí... RSIT byl spuštěn s minimalizovaným správcem úloh.

Logfile of random's system information tool 1.10 (written by random/random)
Run by W7 at 2016-07-07 18:53:43
Microsoft Windows 10 Home
System drive C: has 63 GB (55%) free of 114 GB
Total RAM: 4087 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:55, on 7.7.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0420)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Users\W7\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\trend micro\W7.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [OneDrive] "C:\Users\W7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\W7\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [RGSC] D:\Program Files\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Odeslat do OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BugreportW - Unknown owner - C:\Program Files (x86)\yesbnd\mbat.exe (file missing)
O23 - Service: Protect Service(ceQeekg_protect) (ceQeekg_protect) - Unknown owner - C:\ProgramData\ceQeekg\protect\protect.exe (file missing)
O23 - Service: Update Service(ceQeekg_update) (ceQeekg_update) - Unknown owner - C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe (file missing)
O23 - Service: cktSvc - Unknown owner - C:\Program Files (x86)\Uncheckit\cktSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: qkseeService - Unknown owner - C:\Program Files (x86)\qksee\qkseeSvc.exe (file missing)
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group, LLC - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: WFini WdMan Service (WdMan) - Unknown owner - C:\ProgramData\LwinpL\WFini.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - Unknown owner - C:\Program Files (x86)\WinZipper\winzipersvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: yahoochrome technology limit (yahoochrometechnology) - Unknown owner - C:\ProgramData\yahoochrome\desktop25.exe (file missing)

--
End of file - 12301 bytes

======Listing Processes======







winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-40d1ccf9-f091-4e36-9c43-c2676f2d0037 -SystemEventPortName:HostProcess-d07f2216-77ed-4798-a470-205b7469d954 -IoCancelEventPortName:HostProcess-c41a328a-fccd-4036-a2ff-c35a5f86bcd4 -NonStateChangingEventPortName:HostProcess-37b8719d-9011-4a40-a80e-3bbb4308990c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:cca644e2-0ee0-4fc1-8c02-988dcc9e1ce3 -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
atieclxx
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-adc30364-a74d-49d3-8747-a2ed13da619d -SystemEventPortName:HostProcess-f84e340b-8576-4c8f-a8ed-fb9d46227f53 -IoCancelEventPortName:HostProcess-115216aa-e0ec-4ab5-924b-3c8d796383cd -NonStateChangingEventPortName:HostProcess-1cb74d39-f3d6-4f00-9c66-05e989ee7cc3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:aa3f4fc8-83c6-473f-b545-2b3242c5bbd4 -DeviceGroupId:WpdFsGroup
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\PROGRAM FILES\REIMAGE\REIMAGE PROTECTOR\ReiSystem.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\wbem\wmiprvse.exe
dashost.exe {1b9d7009-6118-46e6-b14d5df4426479c9}
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan
C:\WINDOWS\Explorer.EXE
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding

C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Users\W7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /ELEVATED
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"fontdrvhost.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE" -Embedding
"C:\WINDOWS\System32\Taskmgr.exe" /2
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\W7\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=51.0.2704.103 --handshake-handle=0x168
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableMediaRouter/Disabled/ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SafeBrowsingIncidentReportingService/Default/SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --type=gpu-process --channel="7024.0.387936019\355222957" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,10,13,25,54 --gpu-vendor-id=0x1002 --gpu-device-id=0x68b8 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.201.1151.1008 --mojo-platform-channel-handle=1224 --ignored=" --type=renderer " /prefetch:2
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=99FE7C44D369907B9A9766EF82E03F41 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.2.1645752774\1119776417" --mojo-platform-channel-handle=2480 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=1B8801D236C86623816D590A44EDDE77 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.14.1770306967\1530869823" --mojo-platform-channel-handle=2148 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=8DC5B6BF57CD681EDE0F399E455560D7 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.30.173835721\137330018" --mojo-platform-channel-handle=8488 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=19F9E4E45B1C216C5660BFF2181E263F --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.32.768872523\1030611171" --mojo-platform-channel-handle=3760 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=ADA64967EE978A8B9F103C64EFEFFAC0 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.34.998998718\1290936442" --mojo-platform-channel-handle=8396 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=573939850C7EFAF5B8FFF0D00DCEEF4F --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.36.1003238701\1263232155" --mojo-platform-channel-handle=6664 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=5BDE1A0D839CF11F898C375DA335FE25 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.37.1644621815\1198455536" --mojo-platform-channel-handle=8316 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=047DCD50D261A3AFCB4192ED406A4872 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.38.1159656069\1371322850" --mojo-platform-channel-handle=4116 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=2864E1ACD68883A8F1B9BE85A9593333 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.39.771322001\549091844" --mojo-platform-channel-handle=7112 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=4432F56C6A0D7B4BEFA7D4E967BF6C0D --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.43.1759314347\1598623462" --mojo-platform-channel-handle=8888 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=837261B765D8C196FDE56D4086FF2168 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.44.1125776584\1372937324" --mojo-platform-channel-handle=7828 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=E462A65431219F775E0A57A6E0EF4D98 --lang=cs --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.45.686947118\279880269" --mojo-platform-channel-handle=5432 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=0A80B63512AA65478757EE62ABA5D67D --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.46.245567696\223036162" --mojo-platform-channel-handle=5400 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=F2944F79FEC053247F771140D1D3EDA6 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.47.590105322\1155073423" --mojo-platform-channel-handle=9196 /prefetch:1
"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=523591F59D3075801C401DCA33AABF46 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7024.49.1996135904\786338389" --mojo-platform-channel-handle=10320 /prefetch:1
"D:\Downloady\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\r805vntx.default

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.192 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.192 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-06-05 231112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL [2016-04-09 2015976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-05 2095920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-06-05 170704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-09 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL [2016-04-09 1257704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-05 1538352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-09 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-07 13885696]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2016-04-09 5321448]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2016-04-09 5560040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\W7\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-20 554184]
"Steam"=D:\Program Files\Steam\steam.exe [2016-06-15 2917456]
"Akamai NetSession Interface"=C:\Users\W7\AppData\Local\Akamai\netsession_win.exe []
"RGSC"=D:\Program Files\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-06-27 7408312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-05-20 595992]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2016-06-08 5565960]

C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odeslat do OneNote.lnk - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2016-07-07 18:53:43 ----D---- C:\rsit
2016-07-07 18:53:43 ----D---- C:\Program Files\trend micro
2016-07-05 22:37:22 ----D---- C:\Users\W7\AppData\Roaming\Spyware Terminator
2016-07-05 22:37:22 ----D---- C:\ProgramData\Spyware Terminator
2016-07-05 22:37:19 ----AD---- C:\Program Files (x86)\Spyware Terminator
2016-07-05 22:11:37 ----D---- C:\ProgramData\Reimage Protector
2016-07-05 22:11:26 ----D---- C:\Program Files\Reimage
2016-07-05 22:11:10 ----D---- C:\rei
2016-07-05 22:10:21 ----A---- C:\WINDOWS\Reimage.ini
2016-07-04 22:21:11 ----D---- C:\Users\W7\AppData\Roaming\.mono
2016-07-04 22:21:11 ----D---- C:\ProgramData\.mono
2016-06-30 19:47:59 ----D---- C:\Program Files (x86)\ConPad
2016-06-30 19:47:06 ----D---- C:\Users\W7\AppData\Roaming\Scalabium
2016-06-21 16:57:31 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2016-06-21 15:07:09 ----AD---- C:\Program Files\Common Files\DESIGNER
2016-06-19 10:57:46 ----D---- C:\Program Files (x86)\Industry Giant 2
2016-06-18 07:36:39 ----AD---- C:\Program Files (x86)\LogMeIn Hamachi
2016-06-18 07:35:16 ----SD---- C:\WINDOWS\SYSWOW64\Microsoft
2016-06-17 14:19:23 ----A---- C:\WINDOWS\system32\vbscript.dll
2016-06-17 14:19:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-06-17 14:19:23 ----A---- C:\WINDOWS\system32\atmlib.dll
2016-06-17 14:19:22 ----A---- C:\WINDOWS\system32\NMAA.dll
2016-06-17 14:19:22 ----A---- C:\WINDOWS\system32\mos.dll
2016-06-17 14:19:22 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2016-06-17 14:19:21 ----A---- C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-17 14:19:21 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-06-17 14:19:21 ----A---- C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-17 14:19:19 ----A---- C:\WINDOWS\system32\MapsStore.dll
2016-06-17 14:19:19 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2016-06-17 14:19:19 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\tdlrecover.exe
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\MosStorage.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\moshostcore.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\moshost.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\MapsCSP.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\gdi32.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\BingMaps.dll
2016-06-17 14:19:18 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-06-17 14:19:17 ----A---- C:\WINDOWS\system32\WWAHost.exe
2016-06-17 14:19:17 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-17 14:19:17 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-06-17 14:19:17 ----A---- C:\WINDOWS\system32\fontsub.dll
2016-06-17 14:19:17 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2016-06-17 14:19:17 ----A---- C:\WINDOWS\system32\atmfd.dll
2016-06-17 14:19:16 ----A---- C:\WINDOWS\system32\twinui.dll
2016-06-17 14:19:16 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-17 14:19:15 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-06-17 14:19:15 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-06-17 14:19:14 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-06-17 14:19:14 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2016-06-17 14:19:14 ----A---- C:\WINDOWS\system32\MBMediaManager.dll
2016-06-17 14:19:13 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-06-17 14:19:13 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-17 14:19:13 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-17 14:19:13 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-17 14:19:12 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-06-17 14:19:12 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-06-17 14:19:12 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2016-06-17 14:19:12 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-06-17 14:19:11 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2016-06-17 14:19:11 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-06-17 14:19:11 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-06-17 14:19:11 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2016-06-17 14:19:11 ----A---- C:\WINDOWS\system32\winhttp.dll
2016-06-17 14:19:11 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-17 14:19:11 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-06-17 14:19:11 ----A---- C:\WINDOWS\system32\gpsvc.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\SYSWOW64\LocationFramework.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\SYSWOW64\ActiveSyncProvider.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\tileobjserver.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\ole32.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\msfeeds.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\invagent.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\drivers\dumpsdport.sys
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-06-17 14:19:10 ----A---- C:\WINDOWS\system32\AppContracts.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\SYSWOW64\tdlrecover.exe
2016-06-17 14:19:09 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\SYSWOW64\gdi32.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\SYSWOW64\AppContracts.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\system32\wscsvc.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\system32\SharedStartModel.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\system32\iphlpsvc.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\system32\dxgi.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\system32\AppxPackaging.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-17 14:19:09 ----A---- C:\WINDOWS\explorer.exe
2016-06-17 14:19:08 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2016-06-17 14:19:08 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\SYSWOW64\StructuredQuery.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\SYSWOW64\setupapi.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\SYSWOW64\NetSetupEngine.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2016-06-17 14:19:08 ----A---- C:\WINDOWS\SYSWOW64\dxgi.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\ws2_32.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\StructuredQuery.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\SRH.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\setupapi.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\rastls.dll
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\LockAppHost.exe
2016-06-17 14:19:08 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-06-17 14:19:07 ----A---- C:\WINDOWS\SYSWOW64\ws2_32.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\SYSWOW64\SRHInproc.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\SYSWOW64\MessagingDataModel2.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\SYSWOW64\LockAppHost.exe
2016-06-17 14:19:07 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\usocore.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\shell32.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\RDXService.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\omadmclient.exe
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\MosHostClient.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\mdmmigrator.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\drivers\netbt.sys
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\BrokerLib.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\bisrv.dll
2016-06-17 14:19:07 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\SYSWOW64\ncryptsslp.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\SYSWOW64\mswsock.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\SYSWOW64\AppxPackaging.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\wininet.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\vpnike.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\polstore.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\mswsock.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\hal.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\drivers\tpm.sys
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\drivers\srv.sys
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\dmenrollengine.dll
2016-06-17 14:19:06 ----A---- C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\VEEventDispatcher.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\SyncController.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\SRH.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\polstore.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\newdev.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\NetSetupApi.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\MosStorage.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\MosHostClient.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\dhcpcore6.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\wuauclt.exe
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\SyncController.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\newdev.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\NetSetupApi.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\ncryptsslp.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\internetmail.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\gpapi.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\GnssAdapter.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\drivers\ufx01000.sys
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\drivers\srvnet.sys
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\drivers\partmgr.sys
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\drivers\Ndu.sys
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\dmcertinst.exe
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\dhcpcore6.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\dhcpcore.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\devinv.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\cdd.dll
2016-06-17 14:19:05 ----A---- C:\WINDOWS\system32\aeinv.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Management.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\MapsBtSvc.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\FwRemoteSvr.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\fontsub.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\dhcpcsvc6.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\dhcpcsvc.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\dhcpcore.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\MusNotification.exe
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\httpprxp.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\httpprxm.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\enrollmentapi.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\drivers\hidclass.sys
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\browserbroker.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\AppCapture.dll
2016-06-17 14:19:04 ----A---- C:\WINDOWS\system32\adhsvc.dll

======List of files/folders modified in the last 1 month======

2016-07-07 18:53:47 ----D---- C:\WINDOWS\Prefetch
2016-07-07 18:53:43 ----RD---- C:\Program Files
2016-07-07 18:34:49 ----D---- C:\WINDOWS\Temp
2016-07-07 18:24:33 ----D---- C:\WINDOWS\System32
2016-07-07 18:24:33 ----D---- C:\WINDOWS\INF
2016-07-07 18:24:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-07 18:24:06 ----D---- C:\WINDOWS\AppReadiness
2016-07-07 18:10:40 ----D---- C:\WINDOWS\system32\sru
2016-07-07 16:56:55 ----D---- C:\WINDOWS\system32\config
2016-07-07 16:51:25 ----D---- C:\WINDOWS\system32\DriverStore
2016-07-07 16:50:27 ----D---- C:\WINDOWS\Microsoft.NET
2016-07-07 13:01:06 ----D---- C:\Users\W7\AppData\Roaming\Skype
2016-07-07 13:00:32 ----SHDC---- C:\WINDOWS\Installer
2016-07-07 13:00:28 ----RD---- C:\Program Files (x86)\Skype
2016-07-07 12:59:23 ----D---- C:\ProgramData\Skype
2016-07-07 12:49:52 ----D---- C:\WINDOWS\system32\WDI
2016-07-07 12:35:12 ----D---- C:\WINDOWS\Minidump
2016-07-07 12:35:09 ----D---- C:\WINDOWS\system32\drivers
2016-07-07 12:35:09 ----D---- C:\Windows
2016-07-07 12:35:09 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-07 12:35:09 ----AD---- C:\Program Files\Microsoft Silverlight
2016-07-07 12:35:09 ----AD---- C:\Program Files (x86)\Microsoft Silverlight
2016-07-06 22:13:44 ----HD---- C:\Program Files\WindowsApps
2016-07-05 22:37:22 ----HD---- C:\ProgramData
2016-07-05 22:37:19 ----RD---- C:\Program Files (x86)
2016-07-05 22:12:28 ----D---- C:\WINDOWS\system32\Tasks
2016-07-05 22:05:49 ----D---- C:\WINDOWS\SYSWOW64\_tWm
2016-07-05 22:05:49 ----D---- C:\ProgramData\fwinpf
2016-07-01 20:22:34 ----D---- C:\Users\W7\AppData\Roaming\Audacity
2016-07-01 18:07:18 ----D---- C:\Users\W7\AppData\Roaming\Open Rails
2016-06-30 19:48:01 ----D---- C:\WINDOWS\SysWOW64
2016-06-21 15:07:22 ----AD---- C:\ProgramData\regid.1991-06.com.microsoft
2016-06-21 15:07:09 ----D---- C:\Program Files\Common Files
2016-06-21 15:07:09 ----AD---- C:\Program Files\Common Files\microsoft shared
2016-06-21 15:06:26 ----AD---- C:\Program Files\Microsoft Office
2016-06-20 20:48:08 ----D---- C:\WINDOWS\rescache
2016-06-19 12:09:26 ----D---- C:\WINDOWS\WinSxS
2016-06-19 12:08:08 ----D---- C:\WINDOWS\system32\catroot2
2016-06-19 10:57:53 ----SD---- C:\Users\W7\AppData\Roaming\Microsoft
2016-06-17 23:02:37 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-06-17 23:02:36 ----SD---- C:\WINDOWS\system32\DiagSvcs
2016-06-17 23:02:36 ----D---- C:\WINDOWS\system32\wbem
2016-06-17 23:02:36 ----D---- C:\WINDOWS\system32\SystemResetPlatform
2016-06-17 23:02:36 ----D---- C:\WINDOWS\system32\migration
2016-06-17 23:02:36 ----D---- C:\WINDOWS\system32\cs-CZ
2016-06-17 23:02:36 ----D---- C:\WINDOWS\bcastdvr
2016-06-17 23:02:36 ----D---- C:\WINDOWS\AppPatch
2016-06-17 23:02:36 ----D---- C:\Program Files\Internet Explorer
2016-06-17 23:02:36 ----D---- C:\Program Files (x86)\Internet Explorer
2016-06-17 20:56:52 ----D---- C:\Users\W7\AppData\Roaming\uTorrent
2016-06-17 18:26:30 ----D---- C:\WINDOWS\CbsTemp
2016-06-17 18:25:35 ----D---- C:\WINDOWS\system32\MRT
2016-06-17 18:21:46 ----A---- C:\WINDOWS\system32\MRT.exe
2016-06-14 20:33:01 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-06-09 16:24:59 ----D---- C:\ProgramData\Oracle
2016-06-09 16:14:25 ----D---- C:\Program Files (x86)\Java
2016-06-09 16:13:47 ----D---- C:\Program Files (x86)\Common Files
2016-06-09 16:13:14 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 18:11
od jiri.s
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2016-05-10 74544]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2016-05-10 287528]
R0 mv91xx;mv91xx; C:\WINDOWS\System32\drivers\mv91xx.sys [2010-03-17 302632]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2016-05-10 37144]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2016-05-10 103064]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-05-10 1070904]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-05-10 465792]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-04-23 87552]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2016-05-10 37656]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2016-05-10 107792]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2016-05-10 166432]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-10-30 47616]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\WINDOWS\system32\DRIVERS\stflt.sys [2011-08-24 51496]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-10-30 78848]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-12-18 21648880]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-12-18 674288]
R3 AtiHDAudioService;@oem1.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2015-05-28 102912]
R3 Hamachi;@oem4.inf,%Hamachi.Service.DispName%;LogMeIn Hamachi Virtual Miniport); C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [2015-11-12 45680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-06-24 4504320]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-30 589824]
R3 SensorsSimulatorDriver;@oem25.inf,%WudfSensorsSimulatorDriverDisplayName%;UMDF Reflector service for SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2015-10-30 216064]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2015-12-20 117248]
S3 dg_ssudbus;@oem31.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-04-25 129152]
S3 dtlitescsibus;@oem14.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-04-16 30264]
S3 dtliteusbbus;@oem16.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-04-16 47672]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\WINDOWS\System32\drivers\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\WINDOWS\System32\drivers\nusb3xhc.sys [2011-02-10 181760]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-10-30 930656]
S3 ssudmdm;@oem30.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-04-25 221824]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-04-23 63488]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-04-22 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-12-18 255472]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-05-10 243296]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-06-05 2855152]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2016-06-08 2552840]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2016-06-07 419248]
R2 OneSyncSvc_4ce01;Hostitel synchronizace_4ce01; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 ReimageRealTimeProtector;Reimage Real Time Protector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-05-27 7806848]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-08-25 389896]
R2 ST2012_Svc;Spyware Terminator 2015 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2016-04-09 3269864]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 PimIndexMaintenanceSvc_4ce01;Data kontaktů_4ce01; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 BugreportW;BugreportW; C:\Program Files (x86)\yesbnd\mbat.exe {154DFF63-3402-4815-941A-AAD63AE8B428} []
S2 ceQeekg_protect;Protect Service(ceQeekg_protect); C:\ProgramData\ceQeekg\protect\protect.exe []
S2 ceQeekg_update;Update Service(ceQeekg_update); C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe []
S2 cktSvc;cktSvc; C:\Program Files (x86)\Uncheckit\cktSvc.exe {92E162D7-70FD-48F7-A779-91154F8FD518} []
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-06 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_167784e;Hostitel synchronizace_167784e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_16b26c0;Hostitel synchronizace_16b26c0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_182794b7;Hostitel synchronizace_182794b7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1dcc02e;Hostitel synchronizace_1dcc02e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1f62b10;Hostitel synchronizace_1f62b10; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_239b6924;Hostitel synchronizace_239b6924; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_452e64c;Hostitel synchronizace_452e64c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_60747;Hostitel synchronizace_60747; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_68e3833;Hostitel synchronizace_68e3833; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_85074;Hostitel synchronizace_85074; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 qkseeService;qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-05-23 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16 270016]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-06 154440]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_167784e;Služba zasílání zpráv_167784e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_16b26c0;Služba zasílání zpráv_16b26c0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_182794b7;Služba zasílání zpráv_182794b7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1dcc02e;Služba zasílání zpráv_1dcc02e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1f62b10;Služba zasílání zpráv_1f62b10; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_239b6924;Služba zasílání zpráv_239b6924; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_452e64c;Služba zasílání zpráv_452e64c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_4ce01;Služba zasílání zpráv_4ce01; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_60747;Služba zasílání zpráv_60747; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_68e3833;Služba zasílání zpráv_68e3833; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_85074;Služba zasílání zpráv_85074; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-06-21 146888]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-06-05 252112]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_167784e;Data kontaktů_167784e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_16b26c0;Data kontaktů_16b26c0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_182794b7;Data kontaktů_182794b7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_1dcc02e;Data kontaktů_1dcc02e; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_1f62b10;Data kontaktů_1f62b10; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_239b6924;Data kontaktů_239b6924; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_452e64c;Data kontaktů_452e64c; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_60747;Data kontaktů_60747; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_68e3833;Data kontaktů_68e3833; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_85074;Data kontaktů_85074; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-06-15 1518672]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2015-10-30 290304]
S3 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]

-----------------EOF-----------------
P.S. Nechápu, proč je zde limitující počet znaků, díky němuž jsem to musel rozdělit nadvakrát...

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 19:01
od Rudy
Zdravím!
100000 zanků na jeden post je zde proto, aby chod fóra nebyl výrazně zpomalován. Nic se nestane, když svůj post rozdělíte na více dílů. Dejte vyhledat soubor dllhost.exe a pokud je umístěn jinde, než v system32, je to virus. Pak můžete spustit tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 19:10
od jiri.s
Díky za rychlou odpověď. dllhost zde mám celkem 4x: 1x v system32, 1x v syswow64, to je asi v pořádku, a pak podivně 2x ve složce winsxs v podivně dlouze nazvaných adresářích - první z názvů těch adresářů začíná na wow64 a druhý na amd64...

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 19:43
od Rudy
OK. Co ten ADWCleaner?

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 19:52
od jiri.s
Našel toho poměrně dost (některé názvy rozpoznávám jako spyware, který mi dříve vymazal Avast):
# AdwCleaner v5.201 - Log vytvořen 07/07/2016 v 20:19:35
# Aktualizováno 30/06/2016 by ToolsLib
# Databáze : 2016-07-06.1 [Server]
# Operační system : Windows 10 Home (X64)
# Uživatelské jméno : W7 - W7-PC
# Spuštěno z : D:\Downloady\adwcleaner_5.201.exe
# Nastavení : Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****

[-] Služba Smazáno : ReimageRealTimeProtector
[-] Služba Smazáno : sp_rsdrv2
[-] Služba Smazáno : winzipersvc
[-] Služba Smazáno : WdMan
[-] Služba Smazáno : qkseeService
[-] Služba Smazáno : BugreportW
[-] Služba Smazáno : yahoochrometechnology

***** [ Složky ] *****

[-] Složka Smazáno : C:\rei
[-] Složka Smazáno : C:\ProgramData\Reimage Protector
[-] Složka Smazáno : C:\ProgramData\Uncheckit
[-] Složka Smazáno : C:\ProgramData\fwinpf
[-] Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
[-] Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
[-] Složka Smazáno : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
[-] Složka Smazáno : C:\Users\W7\AppData\LocalLow\Tbccint
[#] Složka Smazáno : C:\Users\W7\AppData\LocalLow\tbccint
[-] Složka Smazáno : C:\Users\W7\AppData\Roaming\qksee
[-] Složka Smazáno : C:\Users\W7\AppData\Roaming\WinZiper
[-] Složka Smazáno : C:\Users\W7\AppData\Roaming\Uncheckit
[-] Složka Smazáno : C:\Program Files\Reimage
[-] Složka Smazáno : C:\Users\Public\Documents\dmp
[-] Složka Smazáno : C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F

***** [ Soubory ] *****

[-] Soubor Smazáno : C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[-] Soubor Smazáno : C:\WINDOWS\Reimage.ini
[-] Soubor Smazáno : C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Soubor Smazáno : C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] Soubor Smazáno : C:\WINDOWS\SysNative\log\iSafeKrnlCall.log

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úlohy ] *****

[-] Úloha Smazáno : Reimage Reminder
[-] Úloha Smazáno : ReimageUpdater
[-] Úloha Smazáno : Browser Updater Task(Core)
[-] Úloha Smazáno : UncheckitTaskMN
[-] Úloha Smazáno : UncheckitUpdateTaskC
[-] Úloha Smazáno : UncheckitUpdateTaskDB
[-] Úloha Smazáno : Reimage Reminder
[-] Úloha Smazáno : ReimageUpdater

***** [ Registry ] *****

[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
[-] Klíč Smazáno : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.001
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.z
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč Smazáno : HKCU\Software\Conduit
[-] Klíč Smazáno : HKCU\Software\distromatic
[-] Klíč Smazáno : HKCU\Software\Reimage
[-] Klíč Smazáno : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Klíč Smazáno : HKLM\SOFTWARE\Conduit
[-] Klíč Smazáno : HKLM\SOFTWARE\hdcode
[-] Klíč Smazáno : HKLM\SOFTWARE\yessearchesSoftware
[-] Klíč Smazáno : HKLM\SOFTWARE\qkseeSvc
[-] Klíč Smazáno : HKLM\SOFTWARE\qksee
[-] Klíč Smazáno : HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč Smazáno : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Klíč Smazáno : HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Klíč Smazáno : HKLM\SOFTWARE\Uncheckit
[-] Klíč Smazáno : HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee
[-] Klíč Smazáno : [x64] HKLM\SOFTWARE\Reimage
[-] Klíč Smazáno : [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč Smazáno : [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
[-] Klíč Smazáno : HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč Smazáno : HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[-] Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService

***** [ Prohlížeče ] *****


*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7919 bytů] - [07/07/2016 20:19:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [8122 bytů] - [07/07/2016 20:16:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8065 bytů] ##########

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 20:46
od jiri.s
Tak jsem se ještě zaměřil na ty dva procesy - oba směřují do system32, dllhost.exe v této složce jsem nechal prověřit virustotalem a nic pozitivního. Nicméně opravdu nerozumím tomu, proč to vypisuje otevření v COM Surrogate - nedá se to nikde nijak zastavit.

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 20:53
od Rudy
Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 21:16
od jiri.s
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by W7 (administrator) on W7-PC (07-07-2016 22:11:03)
Running from C:\Users\W7\Desktop
Loaded Profiles: W7 (Available Profiles: W7)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.22051.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [5321448 2016-04-09] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5560040 2016-04-09] (Crawler Group, LLC)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-06-08] (LogMeIn Inc.)
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Run: [Steam] => D:\Program Files\Steam\steam.exe [2851408 2016-07-07] (Valve Corporation)
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\W7\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Run: [RGSC] => D:\Program Files\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-10] (AVAST Software)
Startup: C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2015-12-18]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{13cdb846-e679-46de-a3e6-9b3b8668a822}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://go.microsoft.com/fwlink/p/?linkid=786333
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-06-05] (Microsoft Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2016-04-09] (Crawler Group, LLC)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-05] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-06-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-09] (Oracle Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2016-04-09] (Crawler Group, LLC)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-09] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\r805vntx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-05] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-06-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3921140049-4044092652-1554341566-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\W7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Extension: AdBlocker Ultimate - C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\r805vntx.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-04-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-10]

Chrome:
=======
CHR Profile: C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-06]
CHR Extension: (YouTube) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-06]
CHR Extension: (AdBlock) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-06]
CHR Extension: (Gmail) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-10] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-08-25] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3269864 2016-04-09] (Crawler Group, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 ceQeekg_protect; "C:\ProgramData\ceQeekg\protect\protect.exe" [X]
S2 ceQeekg_update; "C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe" [X]
S2 cktSvc; "C:\Program Files (x86)\Uncheckit\cktSvc.exe" {92E162D7-70FD-48F7-A779-91154F8FD518} [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-10] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-04-16] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-04-16] (Disc Soft Ltd)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 22:11 - 2016-07-07 22:11 - 00016717 _____ C:\Users\W7\Desktop\FRST.txt
2016-07-07 22:10 - 2016-07-07 22:11 - 00000000 ____D C:\FRST
2016-07-07 22:09 - 2016-07-07 22:10 - 02390016 _____ (Farbar) C:\Users\W7\Desktop\FRST64.exe
2016-07-07 20:15 - 2016-07-07 20:19 - 00000000 ____D C:\AdwCleaner
2016-07-07 18:53 - 2016-07-07 18:54 - 00000000 ____D C:\rsit
2016-07-07 18:53 - 2016-07-07 18:53 - 00000000 ____D C:\Program Files\trend micro
2016-07-07 12:35 - 2016-07-07 12:35 - 00213028 _____ C:\WINDOWS\Minidump\070716-14203-01.dmp
2016-07-05 22:37 - 2016-07-07 11:32 - 00000000 ____D C:\ProgramData\Spyware Terminator
2016-07-05 22:37 - 2016-07-06 22:20 - 00000000 ____D C:\Users\W7\AppData\LocalLow\Spyware Terminator
2016-07-05 22:37 - 2016-07-05 22:37 - 00001111 _____ C:\Users\Public\Desktop\Spyware Terminator 2015.lnk
2016-07-05 22:37 - 2016-07-05 22:37 - 00000000 ____D C:\Users\W7\AppData\Roaming\Spyware Terminator
2016-07-05 22:37 - 2016-07-05 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2016-07-05 22:37 - 2016-07-05 22:37 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2016-07-04 22:21 - 2016-07-04 22:21 - 00000000 ____D C:\Users\W7\AppData\Roaming\.mono
2016-07-04 22:21 - 2016-07-04 22:21 - 00000000 ____D C:\Users\W7\AppData\Local\Colossal Order
2016-07-04 22:21 - 2016-07-04 22:21 - 00000000 ____D C:\ProgramData\.mono
2016-07-04 21:19 - 2016-07-04 21:19 - 00000216 _____ C:\Users\W7\Desktop\Cities Skylines.url
2016-06-30 19:48 - 2016-06-30 19:48 - 00001932 _____ C:\Users\W7\Desktop\ConPad.lnk
2016-06-30 19:48 - 2016-06-30 19:48 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ConPad
2016-06-30 19:47 - 2016-06-30 19:48 - 00000000 ____D C:\Program Files (x86)\ConPad
2016-06-30 19:47 - 2016-06-30 19:47 - 00000000 ____D C:\Users\W7\AppData\Roaming\Scalabium
2016-06-30 19:46 - 2016-06-23 19:01 - 00098446 _____ C:\Users\W7\Desktop\LOGZVUK.DAT
2016-06-27 21:04 - 2016-03-16 19:05 - 01280116 _____ C:\Users\W7\Desktop\vystareholesovice.wav
2016-06-24 16:56 - 2016-06-24 16:56 - 00001268 _____ C:\Users\W7\Desktop\INISS.lnk
2016-06-24 12:45 - 2016-06-24 12:45 - 00000000 _____ C:\WINDOWS\system32\Accessories
2016-06-24 12:42 - 2008-02-29 20:24 - 00444064 _____ (ComponentOne) C:\WINDOWS\SysWOW64\Vsflex7L.ocx
2016-06-24 12:28 - 2008-02-29 20:24 - 00444064 _____ (ComponentOne) C:\WINDOWS\system32\Vsflex7L.ocx
2016-06-22 22:23 - 2016-06-22 22:23 - 00001361 _____ C:\Users\W7\AppData\Local\recently-used.xbel
2016-06-21 16:57 - 2016-07-07 12:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-21 16:35 - 2016-06-21 17:08 - 00002949 _____ C:\Users\W7\Desktop\Přihláškaredaktor.htm
2016-06-21 16:35 - 2016-06-21 16:48 - 00000373 _____ C:\Users\W7\Desktop\mail.php
2016-06-21 15:07 - 2016-06-21 15:07 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-19 10:57 - 2016-06-19 10:57 - 00002911 _____ C:\Users\W7\Desktop\Industry Giant 2.lnk
2016-06-19 10:57 - 2016-06-19 10:57 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
2016-06-19 10:57 - 2016-06-19 10:57 - 00000000 ____D C:\Program Files (x86)\Industry Giant 2
2016-06-18 07:36 - 2016-06-18 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-06-18 07:36 - 2016-06-18 07:36 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-06-18 07:35 - 2016-06-18 07:35 - 00279044 _____ C:\WINDOWS\Minidump\061816-12953-01.dmp
2016-06-17 14:19 - 2016-05-28 08:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-17 14:19 - 2016-05-28 08:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-17 14:19 - 2016-05-28 08:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-17 14:19 - 2016-05-28 08:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-17 14:19 - 2016-05-28 08:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-17 14:19 - 2016-05-28 08:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-17 14:19 - 2016-05-28 07:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-17 14:19 - 2016-05-28 07:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-17 14:19 - 2016-05-28 07:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-17 14:19 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-17 14:19 - 2016-05-28 07:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-17 14:19 - 2016-05-28 07:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-17 14:19 - 2016-05-28 07:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-17 14:19 - 2016-05-28 07:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-17 14:19 - 2016-05-28 07:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-17 14:19 - 2016-05-28 07:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-17 14:19 - 2016-05-28 07:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-17 14:19 - 2016-05-28 07:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-17 14:19 - 2016-05-28 07:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-17 14:19 - 2016-05-28 07:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-17 14:19 - 2016-05-28 07:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-17 14:19 - 2016-05-28 07:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-17 14:19 - 2016-05-28 07:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-17 14:19 - 2016-05-28 07:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-17 14:19 - 2016-05-28 07:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-17 14:19 - 2016-05-28 07:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-17 14:19 - 2016-05-28 07:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-17 14:19 - 2016-05-28 07:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-17 14:19 - 2016-05-28 07:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-17 14:19 - 2016-05-28 07:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-17 14:19 - 2016-05-28 07:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-17 14:19 - 2016-05-28 07:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-17 14:19 - 2016-05-28 07:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-17 14:19 - 2016-05-28 07:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-17 14:19 - 2016-05-28 07:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-17 14:19 - 2016-05-28 07:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-17 14:19 - 2016-05-28 07:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-17 14:19 - 2016-05-28 07:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-17 14:19 - 2016-05-28 07:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-17 14:19 - 2016-05-28 07:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-17 14:19 - 2016-05-28 07:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-17 14:19 - 2016-05-28 07:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-17 14:19 - 2016-05-28 07:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-17 14:19 - 2016-05-28 06:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-17 14:19 - 2016-05-28 06:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-17 14:19 - 2016-05-28 06:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-17 14:19 - 2016-05-28 06:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-17 14:19 - 2016-05-28 06:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-17 14:19 - 2016-05-28 06:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-17 14:19 - 2016-05-28 06:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-17 14:19 - 2016-05-28 06:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-17 14:19 - 2016-05-28 06:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-17 14:19 - 2016-05-28 06:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-17 14:19 - 2016-05-28 06:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-17 14:19 - 2016-05-28 06:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-17 14:19 - 2016-05-28 06:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-17 14:19 - 2016-05-28 06:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-17 14:19 - 2016-05-28 06:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-17 14:19 - 2016-05-28 06:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-17 14:19 - 2016-05-28 06:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-17 14:19 - 2016-05-28 06:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-17 14:19 - 2016-05-28 06:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-17 14:19 - 2016-05-28 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-17 14:19 - 2016-05-28 06:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-17 14:19 - 2016-05-28 06:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-17 14:19 - 2016-05-28 06:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-17 14:19 - 2016-05-28 06:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-17 14:19 - 2016-05-28 06:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-17 14:19 - 2016-05-28 06:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-17 14:19 - 2016-05-28 06:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-17 14:19 - 2016-05-28 06:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-17 14:19 - 2016-05-28 06:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-17 14:19 - 2016-05-28 06:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-17 14:19 - 2016-05-28 06:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-17 14:19 - 2016-05-28 06:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-17 14:19 - 2016-05-28 06:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-17 14:19 - 2016-05-28 06:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-17 14:19 - 2016-05-28 06:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-17 14:19 - 2016-05-28 06:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-17 14:19 - 2016-05-28 06:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-17 14:19 - 2016-05-28 06:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-17 14:19 - 2016-05-28 06:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-17 14:19 - 2016-05-28 06:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-17 14:19 - 2016-05-28 06:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-17 14:19 - 2016-05-28 06:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-17 14:19 - 2016-05-28 06:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-17 14:19 - 2016-05-28 06:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-17 14:19 - 2016-05-28 06:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-17 14:19 - 2016-05-28 06:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-17 14:19 - 2016-05-28 06:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-17 14:19 - 2016-05-28 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-17 14:19 - 2016-05-28 06:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-17 14:19 - 2016-05-28 06:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-17 14:19 - 2016-05-28 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-17 14:19 - 2016-05-28 06:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-17 14:19 - 2016-05-28 06:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-17 14:19 - 2016-05-28 06:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-17 14:19 - 2016-05-28 06:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-17 14:19 - 2016-05-28 06:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-17 14:19 - 2016-05-28 06:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-17 14:19 - 2016-05-28 06:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-17 14:19 - 2016-05-28 06:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-17 14:19 - 2016-05-28 06:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-17 14:19 - 2016-05-28 06:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-17 14:19 - 2016-05-28 06:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-17 14:19 - 2016-05-28 06:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-17 14:19 - 2016-05-28 06:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-17 14:19 - 2016-05-28 06:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-17 14:19 - 2016-05-28 06:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-17 14:19 - 2016-05-28 06:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-17 14:19 - 2016-05-28 06:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-17 14:19 - 2016-05-28 06:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-17 14:19 - 2016-05-28 06:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-17 14:19 - 2016-05-28 06:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-17 14:19 - 2016-05-28 06:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-17 14:19 - 2016-05-28 06:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-17 14:19 - 2016-05-28 06:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-17 14:19 - 2016-05-28 06:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-17 14:19 - 2016-05-28 06:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-17 14:19 - 2016-05-28 06:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-17 14:19 - 2016-05-28 06:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-17 14:19 - 2016-05-28 06:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-17 14:19 - 2016-05-28 06:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-17 14:19 - 2016-05-28 06:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-17 14:19 - 2016-05-28 06:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-17 14:19 - 2016-05-28 06:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-17 14:19 - 2016-05-28 06:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-17 14:19 - 2016-05-28 06:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-17 14:19 - 2016-05-28 06:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-17 14:19 - 2016-05-28 06:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-17 14:19 - 2016-05-28 06:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-17 14:19 - 2016-05-28 06:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-17 14:19 - 2016-05-28 06:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-17 14:19 - 2016-05-28 06:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-17 14:19 - 2016-05-28 06:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-17 14:19 - 2016-05-28 06:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-17 14:19 - 2016-05-28 06:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-17 14:19 - 2016-05-28 06:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-17 14:19 - 2016-05-28 06:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-17 14:19 - 2016-05-28 06:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-17 14:19 - 2016-05-28 06:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-17 14:19 - 2016-05-28 06:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-17 14:19 - 2016-05-28 06:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-17 14:19 - 2016-05-28 06:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-17 14:19 - 2016-05-28 06:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-17 14:19 - 2016-05-28 06:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-17 14:19 - 2016-05-28 06:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-17 14:19 - 2016-05-28 06:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-17 14:19 - 2016-05-28 06:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-17 14:19 - 2016-05-28 06:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-17 14:19 - 2016-05-28 06:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-17 14:19 - 2016-05-28 06:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-17 14:19 - 2016-05-28 06:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-17 14:19 - 2016-05-28 06:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-17 14:19 - 2016-05-28 06:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-17 14:19 - 2016-05-28 06:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-17 14:19 - 2016-05-28 06:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-17 14:19 - 2016-05-28 06:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-17 14:19 - 2016-05-28 06:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-17 14:19 - 2016-05-28 06:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-17 14:19 - 2016-05-28 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-17 14:19 - 2016-05-28 06:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-17 14:19 - 2016-05-28 06:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-17 14:19 - 2016-05-28 06:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-17 14:19 - 2016-05-28 06:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-17 14:19 - 2016-05-28 06:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-17 14:19 - 2016-05-28 06:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-17 14:19 - 2016-05-28 06:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-17 14:19 - 2016-05-28 06:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-17 14:19 - 2016-05-28 06:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-17 14:19 - 2016-05-28 06:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-17 14:19 - 2016-05-28 06:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-17 14:19 - 2016-05-28 06:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-17 14:19 - 2016-05-28 06:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-17 14:19 - 2016-05-28 06:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-17 14:19 - 2016-05-28 06:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-17 14:19 - 2016-05-28 06:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-17 14:19 - 2016-05-28 06:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-17 14:19 - 2016-05-28 06:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-17 14:19 - 2016-05-28 06:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-17 14:19 - 2016-05-28 06:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-17 14:19 - 2016-05-28 06:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-17 14:19 - 2016-05-28 06:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-17 14:19 - 2016-05-28 06:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-17 14:19 - 2016-05-28 06:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-17 14:19 - 2016-05-28 06:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-17 14:19 - 2016-05-28 06:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-17 14:19 - 2016-05-28 06:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-17 14:19 - 2016-05-28 06:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-17 14:19 - 2016-05-28 06:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-17 14:19 - 2016-05-28 06:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-17 14:19 - 2016-05-28 06:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-17 14:19 - 2016-05-28 06:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-17 14:19 - 2016-05-28 06:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-17 14:19 - 2016-05-28 06:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-17 14:19 - 2016-05-28 06:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-17 14:19 - 2016-05-28 06:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-17 14:19 - 2016-05-28 05:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-17 14:19 - 2016-05-28 05:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-17 14:19 - 2016-05-28 05:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-17 14:19 - 2016-05-28 05:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-17 14:19 - 2016-05-28 05:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-17 14:19 - 2016-05-28 05:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-17 14:19 - 2016-05-28 05:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-17 14:19 - 2016-05-28 05:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-17 14:19 - 2016-05-28 05:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-14 20:37 - 2016-06-14 20:37 - 00029901 _____ C:\Users\W7\Desktop\kalkulatormob.php
2016-06-14 20:35 - 2016-06-14 20:36 - 00029901 _____ C:\Users\W7\Desktop\kalkulatormob.html
2016-06-14 20:30 - 2016-06-14 20:34 - 00001222 _____ C:\Users\W7\Desktop\stylemob.css
2016-06-14 20:28 - 2016-06-14 20:36 - 00001749 _____ C:\Users\W7\Desktop\zadavanimob.html
2016-06-13 21:24 - 2016-06-13 21:24 - 00000385 _____ C:\Users\W7\Desktop\404.html
2016-06-13 20:12 - 2016-06-13 20:12 - 00001340 _____ C:\Users\W7\Desktop\style.css
2016-06-13 18:42 - 2016-06-15 15:44 - 00000000 ____D C:\Users\W7\AppData\Local\OfficeBSCache-OD-jirkasta@centrum.cz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 22:10 - 2016-02-20 10:43 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-07 21:29 - 2016-06-06 17:19 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-07 20:27 - 2015-10-30 20:31 - 00750030 _____ C:\WINDOWS\system32\perfh005.dat
2016-07-07 20:27 - 2015-10-30 20:31 - 00150654 _____ C:\WINDOWS\system32\perfc005.dat
2016-07-07 20:27 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-07 20:27 - 2015-09-23 15:29 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-07 20:25 - 2016-02-06 22:16 - 00000000 ____D C:\Users\W7\AppData\Local\LogMeIn Hamachi
2016-07-07 20:24 - 2016-06-06 17:19 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-07 20:22 - 2015-12-20 15:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-07 20:21 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-07 20:20 - 2016-04-28 18:30 - 00000000 ____D C:\WINDOWS\system32\log
2016-07-07 19:02 - 2015-09-23 18:34 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B38BA62-AC3C-4ACC-A775-DF79BFDA5197}
2016-07-07 18:29 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-07 13:01 - 2015-12-20 15:24 - 00000000 ____D C:\Users\W7
2016-07-07 13:01 - 2015-10-15 20:54 - 00000000 ____D C:\Users\W7\AppData\Roaming\Skype
2016-07-07 13:00 - 2016-03-24 14:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-07 13:00 - 2015-10-15 20:54 - 00000000 ____D C:\ProgramData\Skype
2016-07-07 12:35 - 2016-03-05 00:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-07 12:35 - 2016-02-28 15:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-07 12:35 - 2016-02-28 15:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-07 12:35 - 2015-12-19 18:32 - 591053247 _____ C:\WINDOWS\MEMORY.DMP
2016-07-07 12:35 - 2015-11-18 20:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-06 22:13 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-05 22:55 - 2015-09-23 15:26 - 00000000 ____D C:\Users\W7\AppData\Local\Packages
2016-07-05 22:05 - 2016-05-25 21:36 - 00000000 ____D C:\WINDOWS\SysWOW64\_tWm
2016-07-04 21:19 - 2016-01-22 13:44 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-01 20:22 - 2015-12-21 14:08 - 00000000 ____D C:\Users\W7\AppData\Roaming\Audacity
2016-07-01 18:18 - 2016-05-14 21:59 - 00054547 _____ C:\Users\W7\Desktop\OpenRailsLog.txt
2016-07-01 18:07 - 2016-05-14 21:56 - 00000000 ____D C:\Users\W7\AppData\Roaming\Open Rails
2016-07-01 14:57 - 2015-09-23 15:34 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-06-23 22:47 - 2016-02-28 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 15:07 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-21 15:07 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-21 15:06 - 2015-12-11 14:12 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-20 20:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-18 07:39 - 2015-08-21 20:46 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-18 07:36 - 2016-02-06 22:16 - 00000995 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-06-18 07:32 - 2015-12-20 15:23 - 00382120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-17 23:02 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-17 23:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-17 23:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-17 20:56 - 2015-09-29 16:03 - 00000000 ____D C:\Users\W7\AppData\Roaming\uTorrent
2016-06-17 20:31 - 2016-06-06 17:21 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 20:18 - 2016-05-15 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Čáslav-Třemošnice
2016-06-17 18:26 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-17 18:25 - 2015-09-23 18:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-17 18:21 - 2015-09-23 18:17 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-17 17:13 - 2016-01-22 14:16 - 00000000 ____D C:\Users\W7\Documents\Euro Truck Simulator 2
2016-06-14 20:33 - 2015-10-30 09:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 20:33 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 19:26 - 2014-04-26 21:30 - 00000000 ____D C:\Users\W7\.gimp-2.8
2016-06-13 19:25 - 2015-10-02 23:21 - 00000000 ____D C:\Users\W7\AppData\Local\gtk-2.0
2016-06-09 16:24 - 2016-03-19 21:08 - 00000000 ____D C:\ProgramData\Oracle
2016-06-09 16:14 - 2016-03-19 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-09 16:14 - 2016-03-19 21:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-09 16:13 - 2016-03-19 21:08 - 00097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-06-09 16:13 - 2015-09-10 19:52 - 00000000 ____D C:\Users\W7\.oracle_jre_usage
2016-06-07 13:44 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-06-07 13:34 - 2016-04-28 18:29 - 00000000 ____D C:\ProgramData\uckt
2016-06-07 13:32 - 2016-05-27 13:13 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-06-07 13:26 - 2016-04-28 18:30 - 00002366 _____ C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2015-11-15 23:52 - 2016-04-16 14:58 - 0000000 _____ () C:\Users\W7\AppData\Roaming\FileIn.cns
2015-11-15 23:52 - 2016-04-16 14:58 - 0000000 _____ () C:\Users\W7\AppData\Roaming\FileOut.cns
2016-01-11 01:52 - 2016-01-11 01:52 - 0003584 _____ () C:\Users\W7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-30 18:32 - 2015-09-30 18:32 - 0000058 _____ () C:\Users\W7\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2016-06-22 22:23 - 2016-06-22 22:23 - 0001361 _____ () C:\Users\W7\AppData\Local\recently-used.xbel
2015-10-24 12:55 - 2016-05-06 15:44 - 0007603 _____ () C:\Users\W7\AppData\Local\resmon.resmoncfg
2015-12-20 15:23 - 2015-12-20 15:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-07 22:18 - 2015-12-07 22:18 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\W7\AppData\Local\Temp\AcDeltree.exe
C:\Users\W7\AppData\Local\Temp\bitool.dll
C:\Users\W7\AppData\Local\Temp\drm_dialogs.dll
C:\Users\W7\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\W7\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\W7\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\W7\AppData\Local\Temp\i4jdel0.exe
C:\Users\W7\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\W7\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\W7\AppData\Local\Temp\libeay32.dll
C:\Users\W7\AppData\Local\Temp\msvcr120.dll
C:\Users\W7\AppData\Local\Temp\ReimagePackage.exe
C:\Users\W7\AppData\Local\Temp\SkypeSetup.exe
C:\Users\W7\AppData\Local\Temp\sqlite3.dll
C:\Users\W7\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-29 18:28

==================== End of FRST.txt ============================

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 21:41
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\W7\AppData\Local\Akamai\netsession_win.exe"
C:\Users\W7\AppData\Local\Akamai
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\DP45977C.lfl
C:\Users\W7\AppData\Local\Temp
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Virus COM Surrogate?

Napsal: 07 črc 2016 21:58
od jiri.s
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by W7 (2016-07-07 22:51:02) Run:1
Running from C:\Users\W7\Desktop
Loaded Profiles: W7 (Available Profiles: W7)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\W7\AppData\Local\Akamai\netsession_win.exe"
C:\Users\W7\AppData\Local\Akamai
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\DP45977C.lfl
C:\Users\W7\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
"C:\Users\W7\AppData\Local\Akamai" => not found.
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\W7\AppData\Local\Temp" folder move:

Could not move "C:\Users\W7\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-07 22:53:23)

C:\Users\W7\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:53:24 ====

Ozval se Upload Center MSO, že došlo k chybě při přístupu k mezipaměti.

Re: Virus COM Surrogate?

Napsal: 08 črc 2016 07:55
od Rudy
Mazali jsme jen zbytečnosti a nedůvěryhodné položky. Udělejte ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Re: Virus COM Surrogate?

Napsal: 09 črc 2016 09:43
od jiri.s
Našel 19 potencionálně nežádoucích programů:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 9.7.2016
Čas skenování: 10:34
Protokol: vysledek.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.07.09.04
Databáze rootkitů: v2016.05.27.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: W7

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 368732
Uplynulý čas: 5 min, 26 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 8
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0198C0DD-B96D-4CD2-AE28-E02E12871E82}, , [b741b56c2278b383531b20d832d1837d],
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0F4C406E-310A-4B17-82D5-7BB1BD46D5B7}, , [a553cb563a60dc5a9ecf0bede81b6898],
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BDBBA6CB-2666-4503-9163-407EAC97A51D}, , [8672c65b03973303e9843fb9ce3535cb],
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ceQeekgBrowserUpdateCore, , [43b553ce8812de58acc3bc3c58abb24e],
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ceQeekgBrowserUpdateUA, , [c3358899782291a589e637c1af54ed13],
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ceQeekgCheckTask, , [2eca2ff266343402f37dec0ce41f7090],
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, , [a850b170a4f67db90becd0d9996b7789],
PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CKTSVC, , [f70147dad7c3af8769924e7cda28fb05],

Hodnoty registru: 8
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0198C0DD-B96D-4CD2-AE28-E02E12871E82}|Path, \ceQeekgCheckTask, , [b741b56c2278b383531b20d832d1837d]
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0F4C406E-310A-4B17-82D5-7BB1BD46D5B7}|Path, \ceQeekgBrowserUpdateCore, , [a553cb563a60dc5a9ecf0bede81b6898]
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BDBBA6CB-2666-4503-9163-407EAC97A51D}|Path, \ceQeekgBrowserUpdateUA, , [8672c65b03973303e9843fb9ce3535cb]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEqA3Ul ... =ffsengext, , [a850b170a4f67db90becd0d9996b7789]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEqA3Ul ... =ffsengext, , [16e2968bd9c12016f304abfed82cf50b]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?u ... =ffsengext, , [fdfb071aacee0432b443cbdee02424dc]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?u ... toolbar&q=, , [3abe051c207a8da97087bdecee167888]
PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CKTSVC|ImagePath, "C:\Program Files (x86)\Uncheckit\cktSvc.exe" {92E162D7-70FD-48F7-A779-91154F8FD518}, , [f70147dad7c3af8769924e7cda28fb05]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 3
PUP.Optional.Ghokswa.Gen, C:\Windows\System32\Tasks\ceQeekgBrowserUpdateCore, , [24d48d942e6ce84ef376c434ea1906fa],
PUP.Optional.Ghokswa.Gen, C:\Windows\System32\Tasks\ceQeekgBrowserUpdateUA, , [7187ed34d7c3b68078f18573e51e43bd],
PUP.Optional.Ghokswa.Gen, C:\Windows\System32\Tasks\ceQeekgCheckTask, , [fcfc26fb26744de980eacb2dcd36b14f],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Virus COM Surrogate?

Napsal: 09 črc 2016 10:08
od Rudy
Všechny nálezy smažte.

Re: Virus COM Surrogate?

Napsal: 09 črc 2016 10:22
od jiri.s
Všechny nálezy byly smazány. Bohužel však problém s COM Surrogate stále přetrvává. :( Zašlu i screen okna: https://ctrlv.cz/UFIM
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz