
Please check my PC

jajko
Visitor
Posts: 88
Registered: 10 Jul 2009 19:47

Please check my PC

#1 Post by jajko »

Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2016-07-19 15:41:08
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 20 GB (14%) free of 145 GB
Total RAM: 4095 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:41:14, on 19. 7. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=1201 ... 158307c8ba
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download Using &BitSpirit - D:\Programy E\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download With Album Copier - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Programy\icq\ICQ7.4\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Programy\icq\ICQ7.4\ICQ.exe (file missing)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {208413D2-71EE-4052-9C8B-A4F8C6278E64} - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm (HKCU)
O9 - Extra 'Tools' menuitem: Download With Album Copier - {208413D2-71EE-4052-9C8B-A4F8C6278E64} - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - E:\Programy\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11647 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
taskeng.exe {98555708-8A6D-4F97-A64A-A04ECC36D7D5}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
taskeng.exe {3B7127E2-B681-4207-8638-9F298BFECE9C}
"C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe" --autorun
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
WLIDSvcM.exe 2480
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\PC\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=51.0.2704.103 --handshake-handle=0xd4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableMediaRouter/Disabled/ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_1/OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledIdleConnectionTimeoutJuly/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/Launch25PermanentB_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Defau
lt/SyncHttpContentCompression/Enabled/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --type=gpu-process --channel="3692.0.817752270\457599229" --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,10,12,13,25,54 --gpu-vendor-id=0x1002 --gpu-device-id=0x68d9 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.200.1062.1004 --mojo-platform-channel-handle=1088 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_1/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledIdleConnectionTimeoutJuly/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch25PermanentB_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/Safe
BrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=C7654D331799B9A63ECE29C73B16EB8B --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3692.2.502613947\614925142" --mojo-platform-channel-handle=2592 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_1/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledIdleConnectionTimeoutJuly/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch25PermanentB_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/Safe
BrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=488A68D71CC11477EB746EE10563ED78 --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3692.3.1500207703\1704262255" --mojo-platform-channel-handle=1780 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_1/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledIdleConnectionTimeoutJuly/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch25PermanentB_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/Safe
BrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=E5D969E1D5D75525E40B3737D0766C4A --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3692.4.1655970777\857996965" --mojo-platform-channel-handle=3656 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_1/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledIdleConnectionTimeoutJuly/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch25PermanentB_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/Safe
BrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=77D6B79D925BF460A129AA5C3AF2F2C0 --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3692.5.1138480996\1092990109" --mojo-platform-channel-handle=3752 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_1/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledIdleConnectionTimeoutJuly/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch25PermanentB_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/Safe
BrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=0073981D10722D7A3F113079BAD2F110 --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3692.11.1081069180\264941382" --mojo-platform-channel-handle=4244 /prefetch:1
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_1/*OutOfProcessPac/Default/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledIdleConnectionTimeoutJuly/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch25PermanentB_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*Sa
feBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_21/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=E870317F1D8A5A7EEB2C6BC06E965527 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3692.42.423999747\1062592908" --mojo-platform-channel-handle=8628 /prefetch:1
taskeng.exe {3CE5DAC3-6A68-4DA0-BAF9-53B96EA24627}
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\wuauclt.exe"

"C:\Users\PC\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DriverToolkit Autorun.job - C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe --autorun
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HP Photo Creations Communicator.job - C:\ProgramData\HP Photo Creations\Communicator.exe --auto
C:\Windows\tasks\PC SpeedUp Service Deactivator.job - C:\Program Files (x86)\Zrychlenie PC\PCSUSD.exe /dev0 /idle

=========Mozilla firefox=========

ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nnggvj24.default-1467741386556

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5]
"Description"=A component of your photo software powered by RocketLife
"Path"=C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
ffxtlbr@babylon.com

C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
libdivx.dll
np-mswmp.dll
npdivx32.dll
npdivx32.xpt
NPLV82Win32.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
ssldivx.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25 2111616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-04 381656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-09 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25 1637504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-08-08 1527496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-09 173120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{EEE6C35B-6118-11DC-9C72-001320C79847}
{98889811-442D-49dd-99D7-DC866BE87DBC}
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-08-08 1527496]
{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25 1110232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCEPServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [2013-05-16 1039240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-08-08 1644744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\Windows\ZSSnp211.exe [2007-04-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
D:\Programy\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
E:\Programy\DAEMON Tools Lite\DTLite.exe [2015-02-26 5583120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
C:\Windows\Domino.exe [2006-08-18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_73B90D4D0D4A45E4E1249D0D8EDB5EB0]
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-06-15 941720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
D:\Programy\hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files (x86)\Zrychlenie PC\PCSUNotifier.exe [2015-06-29 354760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-05-17 53123712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Programy E\steam\steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
E:\Programy E\PowerDirector\MUITransfer\MUIStartMenu.exe E:\Programy E\PowerDirector UpdateWithCreateOnce Software\CyberLink\PowerDirector\7.0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk]
C:\PROGRA~2\ESET\MINODL~1\MINODL~1.EXE -u -d 10000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ASUS\BLUETO~1\BTTray.exe [2012-12-06 1393528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]
E:\PROGRA~1\RIOTGA~1\LOLREP~1\LOLREC~1.EXE -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
C:\PROGRA~2\MICROS~1\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"NPSStartup"= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-04 767176]
"PlaysTV"=C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [2016-07-13 71440]
"Raptr"=C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [2016-07-14 58640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{16cdf~1\loader.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2014-06-28 275360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luckyleapuninstall.exe]
"Debugger=""C:\Program Files (x86)\Zrychlenie PC\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sqlite3.exe]
"Debugger=""C:\Program Files (x86)\Zrychlenie PC\PCSUSD.exe" /debugexe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-07-19 15:41:08 ----D---- C:\rsit
2016-07-19 15:41:08 ----D---- C:\Program Files\trend micro
2016-07-17 13:47:00 ----A---- C:\Windows\system32\drivers\nvmfdx64.sys
2016-07-17 13:47:00 ----A---- C:\Windows\system32\drivers\nvm62x64.sys
2016-07-17 13:43:07 ----D---- C:\ProgramData\ATI
2016-07-17 13:42:30 ----D---- C:\Users\PC\AppData\Roaming\PlaysTV
2016-07-17 13:40:54 ----D---- C:\Program Files (x86)\Raptr Inc
2016-07-17 13:26:37 ----D---- C:\Program Files (x86)\AMD
2016-07-17 13:25:54 ----SHD---- C:\Config.Msi
2016-07-17 13:24:04 ----D---- C:\Program Files (x86)\DriverToolkit

======List of files/folders modified in the last 1 month======

2016-07-19 15:41:09 ----D---- C:\Windows\Temp
2016-07-19 15:41:08 ----RD---- C:\Program Files
2016-07-19 15:26:09 ----D---- C:\Windows\system32\config
2016-07-19 11:26:42 ----D---- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2016-07-18 22:59:41 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2016-07-18 22:59:31 ----D---- C:\Users\PC\AppData\Roaming\Skype
2016-07-18 21:12:51 ----RD---- C:\Program Files (x86)
2016-07-18 19:49:45 ----AD---- C:\Windows
2016-07-18 16:29:45 ----D---- C:\Windows\SoftwareDistribution
2016-07-17 23:56:40 ----D---- C:\Windows\inf
2016-07-17 16:11:05 ----SHD---- C:\System Volume Information
2016-07-17 15:48:47 ----D---- C:\Windows\Microsoft.NET
2016-07-17 15:36:14 ----D---- C:\Users\PC\AppData\Roaming\Media Player Classic
2016-07-17 14:03:18 ----D---- C:\Windows\SysWOW64
2016-07-17 14:03:18 ----D---- C:\Windows\System32
2016-07-17 14:02:19 ----D---- C:\Windows\system32\catroot
2016-07-17 13:59:03 ----D---- C:\Windows\Tasks
2016-07-17 13:59:03 ----D---- C:\Windows\system32\Tasks
2016-07-17 13:47:03 ----D---- C:\Windows\system32\drivers
2016-07-17 13:43:17 ----D---- C:\Users\PC\AppData\Roaming\Raptr
2016-07-17 13:43:07 ----HD---- C:\ProgramData
2016-07-17 13:41:23 ----D---- C:\Program Files (x86)\Raptr
2016-07-17 13:39:45 ----SHD---- C:\Windows\Installer
2016-07-17 13:39:09 ----D---- C:\Program Files\AMD
2016-07-17 13:38:35 ----D---- C:\ProgramData\AMD
2016-07-17 13:37:56 ----D---- C:\Program Files\ATI Technologies
2016-07-17 13:30:45 ----D---- C:\Windows\system32\DriverStore
2016-07-17 13:26:17 ----D---- C:\ProgramData\Package Cache
2016-07-17 13:23:45 ----D---- C:\AMD
2016-07-17 12:53:02 ----D---- C:\Program Files (x86)\Zrychlenie PC
2016-07-16 22:30:49 ----D---- C:\Users\PC\AppData\Roaming\TS3Client
2016-07-14 18:34:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-07-14 18:34:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2016-07-13 14:56:07 ----D---- C:\Users\PC\AppData\Roaming\Battle.net
2016-07-13 12:23:49 ----D---- C:\Program Files (x86)\Google
2016-07-12 15:34:21 ----D---- C:\Windows\system32\Macromed
2016-07-12 15:34:11 ----D---- C:\Windows\SYSWOW64\Macromed
2016-07-05 09:50:09 ----D---- C:\Windows\system32\catroot2
2016-07-02 16:15:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-07-02 16:13:53 ----D---- C:\Windows\Prefetch
2016-07-01 23:06:58 ----D---- C:\Users\PC\AppData\Roaming\vlc
2016-07-01 22:42:14 ----A---- C:\Windows\NeroDigital.ini
2016-06-23 22:43:35 ----D---- C:\Users\PC\AppData\Roaming\Spotify

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-29 834544]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R2 rzpmgrk;rzpmgrk; \??\C:\Windows\system32\drivers\rzpmgrk.sys [2014-11-01 37184]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-08-04 21622784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-08-04 665088]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2015-07-15 96256]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-09-24 165688]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-12-03 598808]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-05-01 184144]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-03-06 210984]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-03-06 21544]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-03-13 30352]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-01-07 82816]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 vvftav211;vvftav211; C:\Windows\system32\drivers\vvftav211.sys [2007-12-10 308224]
S1 FileDisk;FileDisk; C:\Windows\system32\drivers\FileDisk.sys []
S2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys []
S3 AF9035HB;AF9035 Hybrid Device; C:\Windows\System32\Drivers\AF9035HB.sys [2011-01-31 907904]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-02-22 102936]
S3 ESETCleanersDriver;ESET Cleaner Service; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [2016-06-19 170280]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver; C:\Windows\system32\DRIVERS\evolve.sys [2015-09-25 21656]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 132608]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-04-09 116864]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 116096]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2010-08-12 350952]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2013-02-22 203544]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM); C:\Windows\system32\drivers\vasdDev.sys [2012-03-19 1454896]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 141600]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-06-25 82128]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-05-25 1364096]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-05-25 1687680]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-03-23 327808]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14 270016]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; E:\Programy\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-26 1272592]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-11-09 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-06-10 146888]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2016-01-09 3916368]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-07-01 1450064]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-11 1255736]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-08-04 246784]
S4 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-08-04 344064]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 btwdins;Bluetooth Service; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [2012-12-06 1005944]
S4 EvoSvc;Evolve Service; C:\Program Files\Echobit\Evolve\EvoSvc.exe [2015-09-25 1583488]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-05 654848]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S4 chromoting;Služba Vzdialená plocha Chrome; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [2016-06-20 76616]
S4 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2007-01-22 695136]
S4 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2007-02-14 56096]
S4 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2007-02-14 64288]
S4 LolScreenSaverService;League Screensaver; E:\tomas\LolScreenSaver\service\service.exe [2016-03-30 707072]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 niSvcLoc;NI Service Locator; C:\Windows\SysWOW64\nisvcloc.exe [2007-02-21 56096]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S4 PCSUService;PC Speed Up Service; C:\Program Files (x86)\Zrychlenie PC\PCSUService.exe [2015-06-29 445384]
S4 PlaysService;Plays.tv Update Service; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [2016-07-13 32528]
S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
S4 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2013-09-13 337776]
S4 Razer Game Scanner Service;Razer Game Scanner; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-11-01 183488]
S4 SCService;SpeedChecker Service; C:\Program Files (x86)\Zrychlenie PC\SpeedCheckerService.exe [2016-01-21 67232]
S4 tor;Tor Win32 Service; C:\Program Files (x86)\Tor\tor.exe --nt-service -ControlPort 9051 []
S4 TunngleService;TunngleService; E:\Programy\Tunngle\TnglCtrl.exe [2015-08-27 800208]

-----------------EOF-----------------

jajko
Visitor
Posts: 88
Registered: 10 Jul 2009 19:47

Re: Please check my PC

#2 Post by jajko »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2016
Ran by PC (administrator) on PC-TOMJAK (19-07-2016 16:14:52)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-07-13] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-07-14] (Raptr, Inc)
HKU\S-1-5-21-1732022708-3317739241-618183903-1000\...\MountPoints2: {153aa548-10c7-11e0-bc05-00158307c8ba} - J:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1732022708-3317739241-618183903-1000\...\MountPoints2: {153aa55a-10c7-11e0-bc05-00158307c8ba} - J:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1732022708-3317739241-618183903-1000\...\MountPoints2: {35c52aec-fe42-11d5-8813-000272d675a5} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1732022708-3317739241-618183903-1000\...\MountPoints2: {c352b6df-681a-11e5-80aa-000272d675a5} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1732022708-3317739241-618183903-1000\...\MountPoints2: {cc17f573-c97b-11e4-8c47-000272d675a5} - F:\setup.exe
IFEO\luckyleapuninstall.exe: [Debugger] "C:\Program Files (x86)\Zrychlenie PC\PCSUSD.exe" /debugexe
IFEO\sqlite3.exe: [Debugger] "C:\Program Files (x86)\Zrychlenie PC\PCSUSD.exe" /debugexe
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{51642872-6B47-42AD-BE7B-65900F25B4E2}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
URLSearchHook: HKU\S-1-5-21-1732022708-3317739241-618183903-1000 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-04] (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-09] (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v konte Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-09] (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nnggvj24.default-1467741386556
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-04] (RealNetworks, Inc.)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1732022708-3317739241-618183903-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1732022708-3317739241-618183903-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2012-10-15] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll [2007-02-08] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Extension: Adblock Plus - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nnggvj24.default-1467741386556\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-05]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [albumcopier@biro.solutions] - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\FirefoxExtensions\albumcopier
FF Extension: Biro Solutions Album Copier - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\FirefoxExtensions\albumcopier [2012-05-01] [not signed]
FF HKLM-x32\...\Mozilla Firefox 3.5\Extensions: [albumcopier@biro.solutions] - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\FirefoxExtensions\albumcopier
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2015-01-05] [not signed]

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Turn Off the Lights) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-06-26]
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Fabulous for Facebook) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhfialhajmaoobgcjlfmphcfphfpkkg [2014-10-30]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-23]
CHR Extension: (Translate Selected Text) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2016-06-30]
CHR Extension: (PhotoLive - Download Facebook Photos!) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjnpabklnaaifclgealaepelncljadk [2014-09-24]
CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-17]
CHR Extension: (Color Changer for Facebook) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnafahpcndghkcdngfombklgpffkehmg [2015-01-12]
CHR Extension: (Last.fm Scrobbler) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-03-24]
CHR Extension: (Extension Details) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom [2014-08-23]
CHR Extension: (WhatFont) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2016-06-17]
CHR Extension: (Downloads) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2014-09-24]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-08-23]
CHR Extension: (Soundcloud Scrobbler) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpeffoigdfgjdbbijlaaodoicejjbpcg [2014-09-22]
CHR Extension: (Turn Off the Lights) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2014-11-09]
CHR Extension: (Ashish Mishra) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2014-09-24]
CHR Extension: (Save to Pocket) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (KMPlayer Toolbar) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj [2015-01-07] [UpdateUrl: hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php] <==== ATTENTION
CHR Extension: (Prezentácie Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07]
CHR Extension: (Dokumenty Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Hľadať v Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Claro Toolbar) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcillohgikpecbmgioknapdpcjofaafl [2015-01-07] [UpdateUrl: hxxp://img.claro-search.com/ext/chrome/update/update-claro.xml] <==== ATTENTION
CHR Extension: (Tabuľky Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (Vzdialená plocha Chrome) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-07]
CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-07]
CHR Extension: (Extension Details) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom [2015-01-07]
CHR Extension: (SweetIM for Facebook) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2015-01-07]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-01-07]
CHR Extension: (Skype Click to Call) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-07]
CHR Extension: (Peňaženka Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR Extension: (Vid-Saver) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc [2015-01-07] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/3491.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR HKLM-x32\...\Chrome\Extension: [aaaaoggiphohkihibdkcnhnokmkfmhnj] - C:\Users\PC\AppData\Local\APN\GoogleCRXs\aaaaoggiphohkihibdkcnhnokmkfmhnj_7.15.4.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S4 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Spoločnosť Google Inc.)
S3 Disc Soft Lite Bus Service; E:\Programy\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-09-25] (Echobit LLC)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-09-05] (Macrovision Europe Ltd.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2007-01-22] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [56096 2007-02-14] (National Instruments, Inc.)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [64288 2007-02-14] (National Instruments, Inc.)
S4 LolScreenSaverService; E:\tomas\LolScreenSaver\service\service.exe [707072 2016-03-30] () [File not signed]
S4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
S4 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe [56096 2007-02-21] (National Instruments Corp.)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S4 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-07-13] (Plays.tv, LLC)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-11-01] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TunngleService; E:\Programy\Tunngle\TnglCtrl.exe [800208 2015-08-27] (Tunngle.net GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 tor; "C:\Program Files (x86)\Tor\tor.exe" --nt-service "-ControlPort" "9051" [X]
S4 WinHttpAutoProxySvc; winhttp.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [907904 2011-01-31] (ITE Technologies )
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-13] (Disc Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2016-06-19] (ESET)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-09-25] (Echobit, LLC)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S1 FileDisk; C:\Windows\SysWow64\Drivers\FileDisk.sys [10556 2004-06-09] (Bo Brantén)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-11-01] (Razer, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-29] () [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R3 vvftav211; C:\Windows\System32\drivers\vvftav211.sys [308224 2007-12-10] (Vimicro Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R3 ZSMC30x; C:\Windows\System32\Drivers\ZS211.sys [1491712 2007-12-13] (ZSMC.Corporation)
U3 ahpihaib; no ImagePath
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-19 16:13 - 2016-07-19 16:13 - 00033071 _____ C:\Users\PC\Desktop\Addition.txt
2016-07-19 16:11 - 2016-07-19 16:14 - 00027080 _____ C:\Users\PC\Desktop\FRST.txt
2016-07-19 16:10 - 2016-07-19 16:14 - 00000000 ____D C:\FRST
2016-07-19 15:55 - 2016-07-19 15:57 - 00000000 ____D C:\AdwCleaner
2016-07-19 15:55 - 2016-07-19 15:55 - 03712064 _____ C:\Users\PC\Downloads\AdwCleaner.exe
2016-07-19 15:53 - 2016-07-19 15:53 - 02391552 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2016-07-19 15:41 - 2016-07-19 15:41 - 00000000 ____D C:\rsit
2016-07-19 15:41 - 2016-07-19 15:41 - 00000000 ____D C:\Program Files\trend micro
2016-07-19 15:40 - 2016-07-19 15:41 - 01222144 _____ C:\Users\PC\Downloads\RSITx64.exe
2016-07-18 17:54 - 2016-07-18 19:39 - 00000000 ____D C:\Users\PC\Downloads\Windows 8 .1 Pro Retail x64 En Us
2016-07-18 16:30 - 2016-07-18 16:31 - 28911494 _____ C:\Users\PC\Downloads\Windows6.1-KB3161608-x64.msu
2016-07-18 16:30 - 2016-07-18 16:30 - 18121553 _____ C:\Users\PC\Downloads\Windows6.1-KB3161608-x86.msu
2016-07-18 16:29 - 2016-07-18 16:29 - 03328910 _____ C:\Users\PC\Downloads\Windows6.1-KB3102810-x64.msu
2016-07-18 11:31 - 2016-07-18 11:31 - 00313366 _____ C:\Users\PC\Downloads\WindowsUpdateDiagnostic.diagcab
2016-07-18 00:17 - 2016-07-18 00:31 - 120155450 _____ C:\Users\PC\Downloads\Prago-Union-Smrt-Žije.7z
2016-07-18 00:07 - 2016-07-18 00:17 - 85533317 _____ C:\Users\PC\Downloads\Logic---Ze-dna.rar
2016-07-17 23:42 - 2016-07-17 23:49 - 121731694 _____ C:\Users\PC\Downloads\Bonobo---Black-Sands-[mp3-320-2010].rar
2016-07-17 23:13 - 2016-07-17 23:13 - 00021825 _____ C:\Users\PC\Downloads\[kat.cr]dj.shadow.the.mountain.will.fall.2016.mp3.320kbps.torrent
2016-07-17 23:13 - 2016-07-17 23:13 - 00013904 _____ C:\Users\PC\Downloads\[kat.cr]dj.shadow.reconstructed.the.best.of.dj.shadow.deluxe.edition.album.2012.torrent
2016-07-17 13:47 - 2010-08-12 13:07 - 00350952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvm62x64.sys
2016-07-17 13:47 - 2010-08-12 13:07 - 00344680 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmfdx64.sys
2016-07-17 13:43 - 2016-07-17 13:43 - 00824134 _____ C:\Users\PC\Downloads\314da8b149260c7d28949313c3f173ad.zip
2016-07-17 13:43 - 2016-07-17 13:43 - 00000000 ____D C:\ProgramData\ATI
2016-07-17 13:42 - 2016-07-19 16:00 - 00000000 ____D C:\Users\PC\AppData\Roaming\PlaysTV
2016-07-17 13:42 - 2016-07-17 13:42 - 00002019 _____ C:\Users\Public\Desktop\Raptr.lnk
2016-07-17 13:42 - 2016-07-17 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
2016-07-17 13:42 - 2016-07-17 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-07-17 13:40 - 2016-07-17 13:41 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-07-17 13:39 - 2016-07-17 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-07-17 13:26 - 2016-07-17 13:26 - 00124703 _____ C:\Users\PC\Downloads\netnvm32.inf_x86_71879814f34d8995.zip
2016-07-17 13:26 - 2016-07-17 13:26 - 00000000 ____D C:\Program Files (x86)\AMD
2016-07-17 13:24 - 2016-07-17 13:24 - 00001067 _____ C:\Users\Public\Desktop\DriverToolkit.lnk
2016-07-17 13:21 - 2016-07-17 13:21 - 02449376 _____ (Megaify Software ) C:\Users\PC\Downloads\DriverToolkitInstaller.exe
2016-07-17 13:19 - 2016-07-17 13:19 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\PC\Downloads\autodetectutility.exe
2016-07-15 20:14 - 2016-07-15 20:31 - 150655901 _____ C:\Users\PC\Downloads\Prago-Union---Smrt-zije--(2016).7z
2016-07-12 22:04 - 2016-07-12 22:04 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Blizzard Entertainment
2016-07-08 14:12 - 2016-07-08 14:12 - 01969769 _____ C:\Users\PC\Documents\kinetic.mp4
2016-07-08 14:06 - 2016-07-08 14:16 - 00328240 _____ C:\Users\PC\Downloads\TechnoClassic - Rock It.mp3.sfk
2016-07-08 14:06 - 2016-07-08 14:16 - 00322920 _____ C:\Users\PC\Downloads\Dj Sona Kinetic - Login Screen.mp4.sfk
2016-07-08 14:04 - 2016-07-08 14:06 - 36245705 _____ C:\Users\PC\Downloads\Dj Sona Kinetic - Login Screen.mp4
2016-07-06 17:15 - 2016-07-13 17:15 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-07-05 23:47 - 2016-07-06 00:04 - 888517106 _____ C:\Users\PC\Downloads\A_Color_Map_of_the_Sun_-_Disc_1.zip
2016-07-04 13:45 - 2016-07-04 13:45 - 37253120 _____ C:\Users\PC\Downloads\mi(1).lvl
2016-07-02 16:05 - 2016-07-02 16:11 - 37253120 _____ C:\Users\PC\Downloads\mi.lvl
2016-07-01 22:44 - 2016-07-01 22:52 - 00072288 _____ C:\Users\PC\Documents\Azir.mp4.sfk
2016-07-01 12:54 - 2016-07-01 12:54 - 00110467 _____ C:\Users\PC\Downloads\swrogued.zip
2016-07-01 12:42 - 2016-07-01 12:42 - 00052846 _____ C:\Users\PC\Downloads\teamsnap.zip
2016-07-01 12:34 - 2016-07-01 12:34 - 00166400 _____ C:\Users\PC\Downloads\roguescr.zip
2016-07-01 12:33 - 2016-07-01 12:34 - 00193141 _____ C:\Users\PC\Downloads\roguerat.zip
2016-07-01 11:50 - 2016-07-01 11:50 - 00183638 _____ C:\Users\PC\Downloads\roguedit.zip
2016-07-01 11:49 - 2016-07-01 11:49 - 00126781 _____ C:\Users\PC\Downloads\roguedat.zip
2016-07-01 11:44 - 2016-07-01 11:48 - 02535184 _____ (LucasArts Entertainment Company LLC) C:\Users\PC\Downloads\rogueupd121.exe
2016-06-29 17:48 - 2016-06-29 18:20 - 38070645 _____ C:\Users\PC\Downloads\StarWars-_Rogue_Squadron.rar
2016-06-19 15:52 - 2016-06-19 15:52 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-19 16:08 - 2009-07-14 06:45 - 00026976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-19 16:08 - 2009-07-14 06:45 - 00026976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-19 15:59 - 2011-01-07 17:36 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-19 15:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-19 15:57 - 2010-12-25 19:28 - 00000000 ____D C:\ProgramData\ICQ
2016-07-19 15:34 - 2013-11-17 12:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-19 15:26 - 2012-11-25 15:36 - 00000332 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-07-19 12:28 - 2013-08-11 22:56 - 00000000 ____D C:\Users\PC\AppData\Local\Battle.net
2016-07-19 11:26 - 2010-12-29 20:50 - 00000000 ____D C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2016-07-19 10:27 - 2014-08-16 10:17 - 00000000 ____D C:\Users\PC\AppData\Local\Adobe
2016-07-18 22:59 - 2015-08-15 22:17 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2016-07-18 22:59 - 2011-01-07 17:43 - 00000000 ____D C:\Users\PC\AppData\Roaming\Skype
2016-07-17 23:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-17 23:13 - 2012-06-02 20:21 - 00000000 ____D C:\Users\PC\Documents\Stiahnuté
2016-07-17 16:58 - 2010-12-25 14:31 - 00000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2016-07-17 15:36 - 2012-10-19 17:32 - 00000000 ____D C:\Users\PC\AppData\Roaming\Media Player Classic
2016-07-17 13:52 - 2015-07-09 11:23 - 00000000 ____D C:\Users\PC\Documents\Heroes of the Storm
2016-07-17 13:43 - 2014-09-13 20:08 - 00000000 ____D C:\Users\PC\AppData\Roaming\Raptr
2016-07-17 13:41 - 2014-09-13 20:08 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-07-17 13:39 - 2014-02-15 12:21 - 00000000 ____D C:\Program Files\AMD
2016-07-17 13:38 - 2014-02-15 12:26 - 00000000 ____D C:\ProgramData\AMD
2016-07-17 13:37 - 2010-12-11 12:57 - 00000000 ____D C:\Program Files\ATI Technologies
2016-07-17 13:26 - 2014-02-15 12:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-17 13:23 - 2014-02-15 12:14 - 00000000 ____D C:\AMD
2016-07-17 12:53 - 2013-10-31 16:22 - 00000000 ____D C:\Program Files (x86)\Zrychlenie PC
2016-07-16 22:30 - 2011-02-09 17:23 - 00000000 ____D C:\Users\PC\AppData\Roaming\TS3Client
2016-07-14 18:34 - 2013-11-17 12:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 18:34 - 2013-02-28 16:55 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-14 18:34 - 2012-06-20 13:09 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 18:34 - 2012-06-20 13:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 11:11 - 2015-07-07 09:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-07-13 19:34 - 2015-07-22 19:34 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 14:56 - 2013-08-11 22:56 - 00000000 ____D C:\Users\PC\AppData\Roaming\Battle.net
2016-07-13 12:23 - 2011-01-07 17:36 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-12 15:34 - 2011-11-19 13:46 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 15:34 - 2010-12-11 13:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-08 08:59 - 2009-07-14 07:08 - 00032516 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-05 19:56 - 2015-07-22 20:00 - 00000000 ____D C:\Users\PC\Desktop\Staré údaje Firefoxu
2016-07-02 16:18 - 2012-04-15 15:35 - 00000000 ____D C:\Users\PC\Documents\My Games
2016-07-02 16:15 - 2009-07-14 07:13 - 00782578 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-01 23:06 - 2014-07-22 22:30 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc
2016-07-01 22:59 - 2011-01-18 21:24 - 00000089 _____ C:\Users\PC\AppData\Roaming\default.pls
2016-07-01 22:42 - 2012-07-02 14:05 - 00000069 _____ C:\Windows\NeroDigital.ini
2016-06-23 22:43 - 2013-12-12 17:07 - 00000000 ____D C:\Users\PC\AppData\Roaming\Spotify
2016-06-23 15:48 - 2013-12-12 17:08 - 00000000 ____D C:\Users\PC\AppData\Local\Spotify

==================== Files in the root of some directories =======

2012-05-07 13:18 - 2012-05-07 13:20 - 166449761 _____ () C:\Users\PC\AppData\Roaming\.minecraft.rar
2014-10-20 17:06 - 2014-10-20 17:06 - 0000132 _____ () C:\Users\PC\AppData\Roaming\Adobe BMP Format CS5 Prefs
2011-11-23 18:38 - 2011-11-23 18:38 - 0704000 _____ (Ubisoft) C:\Users\PC\AppData\Roaming\AssassinsCreedRevelations.exe
2011-01-18 21:24 - 2016-07-01 22:59 - 0000089 _____ () C:\Users\PC\AppData\Roaming\default.pls
2011-01-07 17:17 - 2011-01-07 17:17 - 0099384 _____ () C:\Users\PC\AppData\Roaming\inst.exe
2012-09-30 11:25 - 2012-10-11 16:59 - 0000000 _____ () C:\Users\PC\AppData\Roaming\Made
2012-11-24 13:44 - 2015-05-31 19:19 - 0000565 _____ () C:\Users\PC\AppData\Roaming\mpqe.ini
2015-05-15 22:12 - 2015-06-13 10:51 - 0001333 _____ () C:\Users\PC\AppData\Roaming\MPQEditor.ini
2011-01-07 17:17 - 2011-01-07 17:17 - 0007859 _____ () C:\Users\PC\AppData\Roaming\pcouffin.cat
2011-01-07 17:17 - 2011-01-07 17:17 - 0001167 _____ () C:\Users\PC\AppData\Roaming\pcouffin.inf
2011-01-07 17:18 - 2011-01-07 17:18 - 0000034 _____ () C:\Users\PC\AppData\Roaming\pcouffin.log
2011-01-07 17:17 - 2011-01-07 17:17 - 0082816 _____ (VSO Software) C:\Users\PC\AppData\Roaming\pcouffin.sys
2010-12-26 12:09 - 2010-12-26 12:32 - 0000990 ___SH () C:\Users\PC\AppData\Roaming\systemfl.$dk
2012-05-01 13:21 - 2012-05-01 13:21 - 0000136 _____ () C:\Users\PC\AppData\Local\configurator.xml
2011-05-08 11:14 - 2014-04-14 19:10 - 0028672 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-10 18:46 - 2015-07-20 09:26 - 0007610 _____ () C:\Users\PC\AppData\Local\resmon.resmoncfg
2012-10-21 20:56 - 2012-10-21 20:56 - 0000064 _____ () C:\Users\PC\AppData\Local\SRDownloader.err
2012-10-20 11:54 - 2012-10-21 20:56 - 0001296 _____ () C:\Users\PC\AppData\Local\SRDownloader.nast
2011-11-29 15:26 - 2011-11-29 15:26 - 0000000 _____ () C:\Users\PC\AppData\Local\{1EF3C09A-5A15-4A40-AACB-444A3B5482F6}
2011-11-27 14:06 - 2011-11-27 14:06 - 0000000 _____ () C:\Users\PC\AppData\Local\{2728DD4D-03CC-4776-A43A-0D1F4A003A2B}
2011-11-18 13:22 - 2011-11-18 13:22 - 0000000 _____ () C:\Users\PC\AppData\Local\{33AC95AE-A671-4034-B8D8-9137727E14F4}
2011-12-01 14:36 - 2011-12-01 14:36 - 0000000 _____ () C:\Users\PC\AppData\Local\{53B313D7-54CA-4931-8F4A-2D815E6375D4}
2011-08-01 20:04 - 2011-08-01 20:04 - 0000000 _____ () C:\Users\PC\AppData\Local\{738FC2E2-8B8D-4164-B40C-144A865D27D8}
2011-12-08 18:39 - 2011-12-08 18:39 - 0000000 _____ () C:\Users\PC\AppData\Local\{761B7C9C-C92A-442B-9105-0EC96C7214E8}
2011-11-22 15:25 - 2011-11-22 15:25 - 0000000 _____ () C:\Users\PC\AppData\Local\{7C915318-A4CF-4669-838A-6EDA95039687}
2011-12-13 15:36 - 2011-12-13 15:36 - 0000000 _____ () C:\Users\PC\AppData\Local\{8A5626C7-F52D-4378-8EAB-E63E22C40504}
2011-12-15 17:03 - 2011-12-15 17:03 - 0000000 _____ () C:\Users\PC\AppData\Local\{95FED701-D211-4546-864C-EB5BA95FC90A}
2011-12-08 18:39 - 2011-12-08 18:39 - 0000000 _____ () C:\Users\PC\AppData\Local\{9CF62CFA-EAE8-404E-811B-3A63432D0638}
2011-12-02 14:37 - 2011-12-02 14:37 - 0000000 _____ () C:\Users\PC\AppData\Local\{A679BEEA-F86B-4EC9-B15A-73F20C2326E9}
2011-12-14 18:44 - 2011-12-14 18:44 - 0000000 _____ () C:\Users\PC\AppData\Local\{AF089E0C-8759-49C9-8965-9C66FFC9A68F}
2012-01-01 12:48 - 2012-01-01 12:48 - 0000000 _____ () C:\Users\PC\AppData\Local\{F813732F-998A-45BA-9087-E8BCE7A77FD0}
2012-01-16 18:22 - 2012-01-16 18:22 - 0000000 _____ () C:\Users\PC\AppData\Local\{F99E1135-C59E-41BF-840E-6FEBDFB576CB}
2011-03-27 17:21 - 2011-03-27 17:21 - 0000041 ___SH () C:\ProgramData\.zreglib
2013-01-09 20:14 - 2013-01-09 20:16 - 95023320 ____T () C:\ProgramData\dsgsdgdsgdsgw.pad
2011-01-07 17:44 - 2011-01-07 17:44 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad


Some files in TEMP:
====================
C:\Users\PC\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
C:\Users\PC\AppData\Local\Temp\libeay32.dll
C:\Users\PC\AppData\Local\Temp\msvcr120.dll
C:\Users\PC\AppData\Local\Temp\playstv_patch.exe
C:\Users\PC\AppData\Local\Temp\raptrpatch.exe
C:\Users\PC\AppData\Local\Temp\raptr_stub.exe
C:\Users\PC\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2016-06-27 18:22

==================== End of FRST.txt ============================

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my PC

#3 Post by Roli »

Hello, delete the unneeded files using CCleaner.

Instructions:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Download and run AdwCleaner:

close all programs including the browser and launch it with a double-click,

a window will appear; click Scan at the top left.

When the scan finishes, click Clean,

the PC will restart, during which the junk is deleted.

After that, copy the Report here for me.


Next, use Mbam from my signature and post its log here after deleting the junk.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

jajko
Visitor
Posts: 88
Registered: 10 Jul 2009 19:47

Re: Please check my PC

#4 Post by jajko »

# AdwCleaner v5.201 - Log vytvorený 19/07/2016 v 19:45:09
# Aktualizované 30/06/2016 by ToolsLib
# Databáza : 2016-07-18.2 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (X64)
# Užívateľské meno : PC - PC-TOMJAK
# Spustené z : C:\Users\PC\Downloads\AdwCleaner.exe
# Nastavenie : Čistenie
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****


***** [ Priečinky ] *****


***** [ Súbory ] *****

[#] Súbor Zmazané : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ambjmeohlajelahhhniggkkceagdlcgj

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupcovia ] *****


***** [ Naplánované úlohy ] *****

[!] Úloha Nie Zmazané : BitGuard
[!] Úloha Nie Zmazané : CPU Grid Computing
[!] Úloha Nie Zmazané : LaunchApp
[!] Úloha Nie Zmazané : LaunchSignup
[!] Úloha Nie Zmazané : Scheduled Update for Ask Toolbar

***** [ Registre ] *****

[-] Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
[-] Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
[-] Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Webové prehliadače ] *****


*************************

:: "Tracing" kľúče zmazané

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [49369 bajtov] - [19/07/2016 15:57:14]
C:\AdwCleaner\AdwCleaner[C2].txt - [1458 bajtov] - [19/07/2016 19:45:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [54890 bajtov] - [19/07/2016 15:55:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [1576 bajtov] - [19/07/2016 19:43:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1681 bajtov] ##########

jajko
Visitor
Posts: 88
Registered: 10 Jul 2009 19:47

Re: Please check my PC

#5 Post by jajko »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 19. 7. 2016
Čas skenování: 19:58
Protokol: malwarebytes anti Malware.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.07.19.09
Databáze rootkitů: v2016.05.27.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: PC

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 819456
Uplynulý čas: 2 hod, 42 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 12
PUP.Optional.Babylon, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [a93c58cdaeec84b2c4012e60a062f50b],
PUP.Optional.ICQToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXPLORER BARS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [41a48b9a3c5eae88292db4dc857d6e92],
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, , [d80d2cf98d0d3df9834729654eb458a8],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\TRACING\MyPC Backup_RASAPI32, , [0adbce57edadea4c8d1933a2cc374eb2],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\TRACING\MyPC Backup_RASMANCS, , [7c6950d5c0dab383b8eeb22317ec956b],
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\TRACING\SpeedCheckerService_RASAPI32, , [8362c263c3d77abcc2ae972aa85bbb45],
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\TRACING\SpeedCheckerService_RASMANCS, , [dc0973b269311e18e28eb20f8b7843bd],
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{163DE5FA-20F5-4467-8F7D-5E0234B7C414}, , [edf8d0554951191dcf144ba9659e47b9],
PUP.Optional.BitGuard, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2628FB92-245F-4B30-9C70-743F40D40012}, , [3ea743e29dfdbc7a885335c5a65d16ea],
PUP.Optional.BitGuard, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\BitGuard, , [2db843e29505bf7777654652857ee719],
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Scheduled Update for Ask Toolbar, , [20c5879e3f5ba98df0b17573f90a7a86],
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, , [499c58cd53473303c2af8e2142c1e917],

Hodnoty registru: 2
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{163DE5FA-20F5-4467-8F7D-5E0234B7C414}|Path, \Scheduled Update for Ask Toolbar, , [edf8d0554951191dcf144ba9659e47b9]
PUP.Optional.BitGuard, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2628FB92-245F-4B30-9C70-743F40D40012}|Path, \BitGuard, , [3ea743e29dfdbc7a885335c5a65d16ea]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 3
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\_metadata, , [c81dcb5a8e0c082e3037b8f9ad557a86],

Soubory: 32
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\Zrychlenie PC\PCSpeedUp.sys, , [ca1ba382cdcd1a1c40b180acc9382fd1],
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\Zrychlenie PC\PCSUUCC.exe, , [fde8f0354c4ef93d9a5752da1ee3ea16],
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\Zrychlenie PC\SpeedCheckerService.exe, , [04e159cc1d7d49edf8c60dbd2cd524dc],
PUP.Optional.ASK, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir, , [9f46b17489114cea64635369758c9c64],
PUP.Optional.EpicScale, C:\AdwCleaner\FileQuarantine\C\ProgramData\epicscale\18508.dat.vir, , [ba2b6bba8b0f76c00db0fef42ad6a060],
PUP.Optional.EpicScale, C:\AdwCleaner\FileQuarantine\C\ProgramData\epicscale\32834.dat.vir, , [479e190c6f2b6bcb11ac9b5750b0738d],
PUP.Optional.EpicScale, C:\AdwCleaner\FileQuarantine\C\ProgramData\epicscale\EpicScale.exe.vir, , [c2231b0a8812f5418a3304ee9b659967],
PUP.Optional.EpicScale, C:\AdwCleaner\FileQuarantine\C\ProgramData\epicscale\0\EpicScale.dat.vir, , [dd0874b10f8b44f2774648aa25dbc53b],
PUP.Optional.EpicScale, C:\AdwCleaner\FileQuarantine\C\ProgramData\epicscale\0\EpicScale.exe.vir, , [c81d6abbabef02348a33b9397f81f010],
PUP.Optional.EpicScale, C:\AdwCleaner\FileQuarantine\C\ProgramData\epicscale\0\EpicScale64.exe.vir, , [df0683a2bfdb8babe1dcfcf607f96d93],
PUP.Optional.EpicScale, C:\AdwCleaner\FileQuarantine\C\ProgramData\epicscale\0\Nova.dat.vir, , [c91c988d4f4bc571d6e7886afd03768a],
PUP.Optional.EpicScale, C:\AdwCleaner\FileQuarantine\C\ProgramData\epicscale\0\x64\EpicScale64.exe.vir, , [c42138ed4c4e37ffae0f747e6b95b050],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\FileQuarantine\C\Users\PC\Documents\PCSpeedUp-Silent-Update.exe.vir, , [8e57ea3bb6e446f0d51c18142cd5a858],
PUP.Optional.SweetIM, C:\Users\PC\Documents\setup_8C77AC9-753C-4AF4-BD28-40367933BEF.exe, , [fde8ac79a3f7999df6270d7d1aea1ae6],
PUP.Optional.InstallCore, C:\Users\PC\Downloads\[R.G. Gamblers] Ori and the Blind Forest\setup.exe, , [02e378ad029858def2bdac95c8397090],
HackTool.AutoKMS, C:\Users\PC\Downloads\Windows 8 .1 Pro Retail x64 En Us\portable.9.1.3 (nova-s).zip, , [07de68bd891196a085254016d12f9c64],
PUP.Optional.BitCoinMiner, C:\Windows\SysWOW64\acumncarsuo.exe, , [f4f1968fa7f3ea4c53f888ada55dff01],
Trojan.Agent.BCM, C:\Windows\SysWOW64\lcpmncarsuo.exe, , [905547deaaf05fd772b76c479a6608f8],
Trojan.BitCoinMiner, C:\Windows\SysWOW64\dcgmncarsuo.exe, , [964f7baaf8a2e2545df8142106fcf709],
RiskWare.FilePatcher, E:\Programy\SV13\Sony Vegas Pro 13.exe, , [14d162c3efabb77fe59b92be90719070],
Exploit.Dropper.GSA, C:\ProgramData\dsgsdgdsgdsgw.pad, , [786dba6b5f3b39fd7da83a9f22e19070],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\background.js, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\icon-128.png, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\icon-16.png, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\icon-48.png, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\jquery-1.11.0.min.js, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\jquery.bpopup.min.js, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\manifest.json, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\script.js, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\_DS_Store, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\_metadata\computed_hashes.json, , [c81dcb5a8e0c082e3037b8f9ad557a86],
PUP.Optional.CrossRider, C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom\0.1_0\_metadata\verified_contents.json, , [c81dcb5a8e0c082e3037b8f9ad557a86],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my PC

#6 Post by Roli »

Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

A window with the license terms will then appear; confirm it by clicking Yes,

then click Yes once more and it starts running.

The whole process takes around 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because Combofix tries to delete infected files and these programs can prevent it from doing so.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.


P.S. In AdwCleaner, have Scheduled Update for Ask Toolbar deleted.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

jajko
Visitor
Posts: 88
Registered: 10 Jul 2009 19:47

Re: Please check my PC

#7 Post by jajko »

ComboFix 16-07-16.01 - PC . 07. 2016 20:01:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.3045 [GMT 2:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\AppData\Roaming\Love
c:\users\PC\AppData\Roaming\Love\mari0\mappacks\custom_mappack_1\settings.txt
c:\users\PC\AppData\Roaming\Love\mari0\options.txt
c:\users\PC\AppData\Roaming\Love\ortho_robot\save.txt
c:\users\PC\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\PC\Documents\~WRL1901.tmp
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-06-20 to 2016-07-20 )))))))))))))))))))))))))))))))
.
.
2016-07-20 18:15 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD7D9DA1-54D9-4C05-B5AB-63E660E8B2E0}\mpengine.dll
2016-07-20 18:13 . 2016-07-20 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-20 08:14 . 2016-07-20 08:14 -------- d-----w- c:\users\PC\AppData\Roaming\AMD
2016-07-19 17:57 . 2016-07-19 17:58 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-19 17:56 . 2016-07-19 17:57 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-07-19 17:56 . 2016-07-19 17:56 -------- d-----w- c:\programdata\Malwarebytes
2016-07-19 17:56 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-07-19 17:56 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-07-19 17:56 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-07-19 14:10 . 2016-07-19 14:15 -------- d-----w- C:\FRST
2016-07-19 13:55 . 2016-07-19 17:45 -------- d-----w- C:\AdwCleaner
2016-07-19 13:41 . 2016-07-19 13:41 -------- d-----w- C:\rsit
2016-07-19 13:41 . 2016-07-19 13:41 -------- d-----w- c:\program files\trend micro
2016-07-18 10:31 . 2016-07-18 10:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3740.dll
2016-07-17 11:47 . 2010-08-12 11:07 344680 ----a-w- c:\windows\system32\drivers\nvmfdx64.sys
2016-07-17 11:47 . 2010-08-12 11:07 350952 ----a-w- c:\windows\system32\drivers\nvm62x64.sys
2016-07-17 11:43 . 2016-07-17 11:43 -------- d-----w- c:\programdata\ATI
2016-07-17 11:42 . 2016-07-20 16:33 -------- d-----w- c:\users\PC\AppData\Roaming\PlaysTV
2016-07-17 11:40 . 2016-07-17 11:41 -------- d-----w- c:\program files (x86)\Raptr Inc
2016-07-17 11:26 . 2016-07-17 11:26 -------- d-----w- c:\program files (x86)\AMD
2016-07-16 09:52 . 2016-07-16 09:52 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2816.dll
2016-07-13 10:56 . 2016-07-13 10:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.276.dll
2016-07-08 21:11 . 2016-07-08 21:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1428.dll
2016-07-07 10:02 . 2016-07-07 10:02 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2944.dll
2016-07-04 11:06 . 2016-07-04 11:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.856.dll
2016-07-03 09:11 . 2016-07-03 09:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2088.dll
2016-06-26 15:27 . 2016-06-26 15:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.780.dll
2016-06-24 17:56 . 2016-06-24 17:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3020.dll
2016-06-24 11:08 . 2016-06-24 11:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3932.dll
2016-06-23 16:55 . 2016-06-23 16:55 252640 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-06-23 13:58 . 2016-06-23 13:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1120.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-19 21:13 . 2010-12-11 11:35 144749672 ----a-w- c:\windows\system32\MRT.exe
2016-07-15 10:11 . 2016-05-24 19:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.224.dll
2016-07-14 16:34 . 2016-06-10 09:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1968.dll
2016-07-14 16:34 . 2012-06-20 11:09 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-14 16:34 . 2012-06-20 11:09 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-14 16:34 . 2013-02-28 14:55 19527360 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-07-09 09:44 . 2016-02-13 12:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2404.dll
2016-07-01 17:34 . 2010-06-24 10:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-06-20 11:13 . 2016-06-20 11:13 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.4564.dll
2016-06-19 13:52 . 2016-06-19 13:52 170280 ----a-w- c:\windows\system32\drivers\ESETCleanersDriver.sys
2016-06-18 09:54 . 2016-06-18 09:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3224.dll
2016-06-09 10:27 . 2016-06-09 10:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3456.dll
2016-06-05 14:42 . 2016-06-05 14:42 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3792.dll
2016-06-02 13:18 . 2016-06-02 13:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3188.dll
2016-06-01 14:53 . 2016-06-01 14:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2600.dll
2016-05-28 11:03 . 2016-05-28 11:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1264.dll
2016-05-25 09:15 . 2016-05-25 09:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.568.dll
2016-05-23 13:22 . 2016-05-23 13:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1396.dll
2016-05-23 11:58 . 2016-05-23 11:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3884.dll
2016-05-19 19:49 . 2016-05-19 19:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2580.dll
2016-05-18 16:58 . 2016-05-18 16:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.5648.dll
2016-05-16 10:05 . 2016-05-16 10:05 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3976.dll
2016-05-14 18:51 . 2016-05-14 18:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3380.dll
2016-05-12 12:45 . 2016-05-12 12:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2908.dll
2016-05-10 14:15 . 2016-05-10 14:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.4136.dll
2016-05-09 07:45 . 2014-10-25 09:54 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-05-06 14:14 . 2016-05-06 14:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2672.dll
2016-05-05 16:18 . 2016-05-05 16:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.4568.dll
2016-05-02 13:20 . 2016-05-02 13:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.5576.dll
2016-05-01 15:11 . 2016-05-01 15:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.984.dll
2016-04-30 15:49 . 2016-04-30 15:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3916.dll
2016-04-29 13:50 . 2016-04-29 13:50 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2992.dll
2016-04-23 16:17 . 2016-04-23 16:17 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1888.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="d:\programy\Ccleaner\CCleaner64.exe" [2016-07-13 8891608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
"PlaysTV"="c:\program files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" [2016-07-13 71440]
"Raptr"="c:\program files (x86)\Raptr Inc\Raptr\raptrstub.exe" [2016-07-13 58640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\Bluetooth Software\BtwProximityCP.dll
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys;c:\windows\SYSNATIVE\Drivers\AF9035HB.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;e:\programy\DAEMON Tools Lite\DiscSoftBusService.exe;e:\programy\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
R4 chromoting;Služba Vzdialená plocha Chrome;c:\program files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [x]
R4 LolScreenSaverService;League Screensaver;e:\tomas\LolScreenSaver\service\service.exe;e:\tomas\LolScreenSaver\service\service.exe [x]
R4 PlaysService;Plays.tv Update Service;c:\program files (x86)\Raptr Inc\PlaysTV\plays_service.exe;c:\program files (x86)\Raptr Inc\PlaysTV\plays_service.exe [x]
R4 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R4 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R4 TunngleService;TunngleService;e:\programy\Tunngle\TnglCtrl.exe;e:\programy\Tunngle\TnglCtrl.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys;c:\windows\SYSNATIVE\DRIVERS\XQHDrv.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys;c:\windows\SYSNATIVE\drivers\vvftav211.sys [x]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys;c:\windows\SYSNATIVE\Drivers\ZS211.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-18 09:23 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-17 16:34]
.
2016-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 17:44]
.
2016-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 17:44]
.
2016-07-20 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download Using &BitSpirit - d:\programy e\BitSpirit\bsurl.htm
IE: Download With Album Copier - c:\program files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\programy\icq\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nnggvj24.default-1467741386556\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Abe's Oddysee - d:\hry\Oddworld\Uninst.isu
AddRemove-Counter-Strike 1.6_is1 - e:\hry\CS\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1732022708-3317739241-618183903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1732022708-3317739241-618183903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2016-07-20 20:21:34 - machine was rebooted
ComboFix-quarantined-files.txt 2016-07-20 18:21
.
Pre-Run: 19 556 143 104 bytes free
Post-Run: 19 347 709 952 bytes free
.
- - End Of File - - 9960A628A059015E730EB0017080D282
A36C5E4F47E84449FF07ED3517B43A31

jajko
Visitor
Posts: 88
Registered: 10 Jul 2009 19:47

Re: Please check my PC

#8 Post by jajko »

P.S. In AdwCleaner, have it delete Scheduled Update for Ask Toolbar.....

WELL, I DIDN'T FIND THAT THERE - can you please clarify it somehow?

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my PC

#9 Post by Roli »

jajko wrote: P.S. In AdwCleaner, have it delete Scheduled Update for Ask Toolbar.....

WELL, I DIDN'T FIND THAT THERE - can you please clarify it somehow?

I see it in the log as not deleted:

[!] Úloha Nie Zmazané : Scheduled Update for Ask Toolbar

Run it again and, if you find it there, have it deleted.


If you have not done so already, move Combofix to the desktop

open Notepad

copy the script from the following box into it:

RegLock::  
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it over the Combofix icon, where you drop it:

Image

After it has been applied, another log will come out; copy it here

Warning: it may happen that Windows will not boot after the script is applied and the machine restarts,

in that case restart again while pressing F8, then choose Last Known Good Configuration
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

jajko
Visitor
Posts: 88
Registered: 10 Jul 2009 19:47

Re: Please check my PC

#10 Post by jajko »

ComboFix 16-07-16.01 - PC . 07. 2016 10:56:22.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.1109 [GMT 2:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
Command switches used :: c:\users\PC\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-06-22 to 2016-07-22 )))))))))))))))))))))))))))))))
.
.
2016-07-22 09:12 . 2016-07-22 09:12 -------- d-----w- c:\users\Tomjak\AppData\Local\temp
2016-07-22 09:12 . 2016-07-22 09:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-22 09:12 . 2016-07-22 09:12 -------- d-----w- c:\users\Deathburn\AppData\Local\temp
2016-07-21 15:57 . 2016-07-21 15:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-07-21 08:58 . 2016-07-21 08:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2396.dll
2016-07-20 08:14 . 2016-07-20 08:14 -------- d-----w- c:\users\PC\AppData\Roaming\AMD
2016-07-19 17:57 . 2016-07-19 17:58 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-19 17:56 . 2016-07-19 17:57 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-07-19 17:56 . 2016-07-19 17:56 -------- d-----w- c:\programdata\Malwarebytes
2016-07-19 17:56 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-07-19 17:56 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-07-19 17:56 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-07-19 14:40 . 2015-08-27 18:18 2004480 ----a-w- c:\windows\system32\msxml6.dll
2016-07-19 14:40 . 2015-08-27 18:18 1887232 ----a-w- c:\windows\system32\msxml3.dll
2016-07-19 14:40 . 2015-08-27 17:58 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2016-07-19 14:40 . 2015-08-27 18:13 2048 ----a-w- c:\windows\system32\msxml6r.dll
2016-07-19 14:40 . 2015-08-27 18:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-07-19 14:40 . 2015-08-27 17:58 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2016-07-19 14:40 . 2015-08-27 17:51 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2016-07-19 14:40 . 2015-08-27 17:51 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-07-19 14:36 . 2016-04-09 06:58 14186496 ----a-w- c:\windows\system32\shell32.dll
2016-07-19 14:36 . 2016-04-09 05:53 3231232 ----a-w- c:\windows\explorer.exe
2016-07-19 14:36 . 2016-04-09 06:57 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-07-19 14:36 . 2016-04-09 06:57 1941504 ----a-w- c:\windows\system32\authui.dll
2016-07-19 14:36 . 2016-04-09 06:54 1806848 ----a-w- c:\windows\SysWow64\authui.dll
2016-07-19 14:36 . 2016-04-09 05:44 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-07-19 14:36 . 2016-04-09 06:54 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-07-19 14:10 . 2016-07-19 14:15 -------- d-----w- C:\FRST
2016-07-19 13:55 . 2016-07-22 08:49 -------- d-----w- C:\AdwCleaner
2016-07-19 13:41 . 2016-07-19 13:41 -------- d-----w- C:\rsit
2016-07-19 13:41 . 2016-07-19 13:41 -------- d-----w- c:\program files\trend micro
2016-07-18 10:31 . 2016-07-18 10:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3740.dll
2016-07-17 11:47 . 2010-08-12 11:07 344680 ----a-w- c:\windows\system32\drivers\nvmfdx64.sys
2016-07-17 11:47 . 2010-08-12 11:07 350952 ----a-w- c:\windows\system32\drivers\nvm62x64.sys
2016-07-17 11:43 . 2016-07-17 11:43 -------- d-----w- c:\programdata\ATI
2016-07-17 11:42 . 2016-07-20 16:33 -------- d-----w- c:\users\PC\AppData\Roaming\PlaysTV
2016-07-17 11:40 . 2016-07-17 11:41 -------- d-----w- c:\program files (x86)\Raptr Inc
2016-07-17 11:26 . 2016-07-17 11:26 -------- d-----w- c:\program files (x86)\AMD
2016-07-16 09:52 . 2016-07-16 09:52 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2816.dll
2016-07-13 10:56 . 2016-07-13 10:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.276.dll
2016-07-08 21:11 . 2016-07-08 21:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1428.dll
2016-07-07 10:02 . 2016-07-07 10:02 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2944.dll
2016-07-04 11:06 . 2016-07-04 11:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.856.dll
2016-07-03 09:11 . 2016-07-03 09:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2088.dll
2016-06-26 15:27 . 2016-06-26 15:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.780.dll
2016-06-24 17:56 . 2016-06-24 17:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3020.dll
2016-06-24 11:08 . 2016-06-24 11:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3932.dll
2016-06-23 16:55 . 2016-06-23 16:55 252640 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-06-23 13:58 . 2016-06-23 13:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1120.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-21 15:56 . 2014-10-25 09:54 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-07-19 21:13 . 2010-12-11 11:35 144749672 ----a-w- c:\windows\system32\MRT.exe
2016-07-15 10:11 . 2016-05-24 19:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.224.dll
2016-07-14 16:34 . 2016-06-10 09:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1968.dll
2016-07-14 16:34 . 2012-06-20 11:09 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-14 16:34 . 2012-06-20 11:09 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-14 16:34 . 2013-02-28 14:55 19527360 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-07-09 09:44 . 2016-02-13 12:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2404.dll
2016-07-01 17:34 . 2010-06-24 10:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-06-20 11:13 . 2016-06-20 11:13 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.4564.dll
2016-06-19 13:52 . 2016-06-19 13:52 170280 ----a-w- c:\windows\system32\drivers\ESETCleanersDriver.sys
2016-06-18 09:54 . 2016-06-18 09:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3224.dll
2016-06-09 10:27 . 2016-06-09 10:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3456.dll
2016-06-05 14:42 . 2016-06-05 14:42 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3792.dll
2016-06-02 13:18 . 2016-06-02 13:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3188.dll
2016-06-01 14:53 . 2016-06-01 14:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2600.dll
2016-05-28 11:03 . 2016-05-28 11:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1264.dll
2016-05-25 09:15 . 2016-05-25 09:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.568.dll
2016-05-23 13:22 . 2016-05-23 13:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1396.dll
2016-05-23 11:58 . 2016-05-23 11:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3884.dll
2016-05-19 19:49 . 2016-05-19 19:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2580.dll
2016-05-18 16:58 . 2016-05-18 16:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.5648.dll
2016-05-16 10:05 . 2016-05-16 10:05 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3976.dll
2016-05-14 18:51 . 2016-05-14 18:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3380.dll
2016-05-12 12:45 . 2016-05-12 12:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2908.dll
2016-05-10 14:15 . 2016-05-10 14:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.4136.dll
2016-05-06 14:14 . 2016-05-06 14:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2672.dll
2016-05-05 16:18 . 2016-05-05 16:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.4568.dll
2016-05-02 13:20 . 2016-05-02 13:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.5576.dll
2016-05-01 15:11 . 2016-05-01 15:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.984.dll
2016-04-30 15:49 . 2016-04-30 15:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.3916.dll
2016-04-29 13:50 . 2016-04-29 13:50 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.2992.dll
2016-04-23 16:17 . 2016-04-23 16:17 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F40C60D7-8988-4ECB-B429-A6074B72AE10}\offreg.1888.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="d:\programy\Ccleaner\CCleaner64.exe" [2016-07-13 8891608]
"GoogleChromeAutoLaunch_73B90D4D0D4A45E4E1249D0D8EDB5EB0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-06-15 941720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\Bluetooth Software\BtwProximityCP.dll
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys;c:\windows\SYSNATIVE\Drivers\AF9035HB.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;e:\programy\DAEMON Tools Lite\DiscSoftBusService.exe;e:\programy\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
R4 chromoting;Služba Vzdialená plocha Chrome;c:\program files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [x]
R4 LolScreenSaverService;League Screensaver;e:\tomas\LolScreenSaver\service\service.exe;e:\tomas\LolScreenSaver\service\service.exe [x]
R4 PlaysService;Plays.tv Update Service;c:\program files (x86)\Raptr Inc\PlaysTV\plays_service.exe;c:\program files (x86)\Raptr Inc\PlaysTV\plays_service.exe [x]
R4 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R4 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R4 TunngleService;TunngleService;e:\programy\Tunngle\TnglCtrl.exe;e:\programy\Tunngle\TnglCtrl.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys;c:\windows\SYSNATIVE\DRIVERS\XQHDrv.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys;c:\windows\SYSNATIVE\drivers\vvftav211.sys [x]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys;c:\windows\SYSNATIVE\Drivers\ZS211.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-18 09:23 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-17 16:34]
.
2016-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 17:44]
.
2016-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 17:44]
.
2016-07-22 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download Using &BitSpirit - d:\programy e\BitSpirit\bsurl.htm
IE: Download With Album Copier - c:\program files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\programy\icq\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nnggvj24.default-1467741386556\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk - c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.exe -u -d 10000
AddRemove-Abe's Oddysee - d:\hry\Oddworld\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1732022708-3317739241-618183903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1732022708-3317739241-618183903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2016-07-22 11:15:11
ComboFix-quarantined-files.txt 2016-07-22 09:15
ComboFix2.txt 2016-07-20 18:21
.
Pre-Run: 18 605 641 728 bytes free
Post-Run: 18 124 992 512 bytes free
.
- - End Of File - - 85F2F11652405080CB2D3CCA21FFCA3F
A36C5E4F47E84449FF07ED3517B43A31

jajko
Visitor
Posts: 88
Registered: 10 Jul 2009 19:47

Re: Please check my PC

#11 Post by jajko »

I ran AdwCleaner again and the file was not there. I am sending the log.

# AdwCleaner v5.201 - Log vytvorený 22/07/2016 v 11:19:42
# Aktualizované 30/06/2016 by ToolsLib
# Databáza : 2016-07-21.2 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (X64)
# Užívateľské meno : PC - PC-TOMJAK
# Spustené z : C:\Users\PC\Downloads\AdwCleaner.exe
# Nastavenie : Čistenie
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****


***** [ Priečinky ] *****


***** [ Súbory ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupcovia ] *****


***** [ Naplánované úlohy ] *****

[-] Úloha Zmazané : CPU Grid Computing
[-] Úloha Zmazané : LaunchApp
[-] Úloha Zmazané : LaunchSignup

***** [ Registre ] *****


***** [ Webové prehliadače ] *****


*************************

:: "Tracing" kľúče zmazané
:: Nastavenia Winsock resetované.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [49369 bajtov] - [19/07/2016 15:57:14]
C:\AdwCleaner\AdwCleaner[C2].txt - [1761 bajtov] - [19/07/2016 19:45:09]
C:\AdwCleaner\AdwCleaner[C3].txt - [1046 bajtov] - [22/07/2016 11:19:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [54890 bajtov] - [19/07/2016 15:55:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [1576 bajtov] - [19/07/2016 19:43:41]
C:\AdwCleaner\AdwCleaner[S3].txt - [1240 bajtov] - [20/07/2016 20:27:53]
C:\AdwCleaner\AdwCleaner[S4].txt - [1314 bajtov] - [22/07/2016 10:49:02]
C:\AdwCleaner\AdwCleaner[S5].txt - [541 bajtov] - [22/07/2016 11:17:08]
C:\AdwCleaner\AdwCleaner[S6].txt - [1461 bajtov] - [22/07/2016 11:18:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1564 bajtov] ##########

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my PC

#12 Post by Roli »

Uninstall Mbam.


Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter.

That will uninstall ComboFix and delete the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Then let me know how the PC behaves.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

jajko
Visitor
Posts: 88
Registered: 10 Jul 2009 19:47

Re: Please check my PC

#13 Post by jajko »

THANK YOU ROLI!!

Everything is now running as it should - even Windows updates work OK!
Thanks once again!
Thumbs up - you're good!!!
:thumbsup:

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my PC

#14 Post by Roli »

jajko wrote:THANK YOU ROLI!!

Everything is now running as it should - even Windows updates work OK!
Thanks once again!
Thumbs up - you're good!!!
:thumbsup:
You're welcome, and :closed:

Locked