VIRY.CZ

Notebook je prvních několik minut po startu zcela nepoužitelný, když vytížení disku zkončí, internet je hrozně nestabilní. Problém s internetem může teoreticky být chyba wifi, sděluji pro informaci. Používám Win10

Proces: Hostitel místní služby (Omezená síť)

FRST launcher se mi nepodařilo stáhnout.
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-12-04 09:24:23
Microsoft Windows 10 Home
System drive C: has 188 GB (65%) free of 289 GB
Total RAM: 6006 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:24:32, on 4.12.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\uTorrent\uninstall.exe
C:\Program Files (x86)\uTorrent\utorrent.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9387 bytes

======Listing Processes======








C:\WINDOWS\system32\lsass.exe
winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\atiesrxx.exe
atieclxx
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"

dashost.exe {c7720c3b-9e69-43b4-82c6fce59d02202e}
sihost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"fontdrvhost.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Bluetooth®: Off
WLAN: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>1181806106</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=54.0.2840.99 --handshake-handle=0x1bc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/IgnoreIfNavigatedBack/ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/ExEnable2/StrictSecureCookies/Default/SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_41/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,13,16,17,18,20,34,60 --gpu-vendor-id=0x1002 --gpu-device-id=0x68e4 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.201.1151.1008 --gpu-driver-date=11-4-2015 --mojo-application-channel-token=4610D7DC1DFAD2D75CDC8F63319863B3 --mojo-platform-channel-handle=1288 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/IgnoreIfNavigatedBack/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/ExEnable2/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_41/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=A34989F28B54EC3AC55CC8880BC9D544 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=A34989F28B54EC3AC55CC8880BC9D544 --channel="8672.2.475359084\439776535" --mojo-platform-channel-handle=2636 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/IgnoreIfNavigatedBack/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/ExEnable2/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_41/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=29EEEBC83C4492B4DB1581FB52457EFF --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=29EEEBC83C4492B4DB1581FB52457EFF --channel="8672.4.153184323\2038519339" --mojo-platform-channel-handle=4692 /prefetch:1
C:\WINDOWS\system32\AUDIODG.EXE 0x2b4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/IgnoreIfNavigatedBack/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*SecurityWarningIconUpdate/Enabled/*SignInPasswordPromo/ExEnable2/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_41/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=FD1B5828DD69693E64F18761A918507A --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=FD1B5828DD69693E64F18761A918507A --channel="8672.15.1237784614\2147351668" --mojo-platform-channel-handle=4996 /prefetch:1
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
C:\Windows\System32\DataExchangeHost.exe -Embedding
"C:\WINDOWS\system32\rundll32.exe" -localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/IgnoreIfNavigatedBack/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/*ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*SecurityWarningIconUpdate/Enabled/*SignInPasswordPromo/ExEnable2/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_41/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=28C59BDB98B7E7F0D1D8FCD926190C5E --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=28C59BDB98B7E7F0D1D8FCD926190C5E --channel="8672.30.804650588\2131980092" --mojo-platform-channel-handle=7820 /prefetch:1
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files (x86)\uTorrent\uninstall.exe" backup
utorrent.exe

"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 604 620 628 8192 624
"C:\Users\Admin\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-01-11 6602856]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-04-27 3954352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-09-08 633024]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-10-13 2860832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"=C:\WINDOWS\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-03-01 379552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-11-09 586296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2010-12-13 318520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2016-10-13 2860832]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-06-30 7408312]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-02-01 656920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.RTV1"=rtvcvfw64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-04 09:24:23 ----D---- C:\rsit
2016-12-04 09:24:23 ----D---- C:\Program Files\trend micro
2016-12-01 18:22:30 ----D---- C:\Program Files (x86)\uTorrent
2016-12-01 17:43:05 ----SHD---- C:\Config.Msi
2016-11-26 00:49:28 ----D---- C:\Program Files (x86)\GPU-Z
2016-11-26 00:12:10 ----AD---- C:\Program Files\CCleaner
2016-11-25 23:14:18 ----D---- C:\Program Files (x86)\RivaTuner Statistics Server
2016-11-25 23:12:08 ----D---- C:\Program Files (x86)\MSI Afterburner
2016-11-25 23:10:47 ----AD---- C:\Program Files\7-Zip
2016-11-10 18:33:41 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe
2016-11-09 18:15:49 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 18:15:47 ----A---- C:\WINDOWS\system32\wer.dll
2016-11-09 18:15:47 ----A---- C:\WINDOWS\system32\oleaut32.dll
2016-11-09 18:15:47 ----A---- C:\WINDOWS\system32\ole32.dll
2016-11-09 18:15:47 ----A---- C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 18:15:46 ----A---- C:\WINDOWS\system32\weretw.dll
2016-11-09 18:15:45 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2016-11-09 18:15:45 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-11-09 18:15:45 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-11-09 18:15:45 ----A---- C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 18:15:45 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 18:15:45 ----A---- C:\WINDOWS\system32\asycfilt.dll
2016-11-09 18:15:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2016-11-09 18:15:44 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2016-11-09 18:15:44 ----A---- C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 18:15:44 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 18:15:44 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2016-11-09 18:15:43 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-11-09 18:15:43 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2016-11-09 18:15:43 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2016-11-09 18:15:42 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2016-11-09 18:15:42 ----A---- C:\WINDOWS\system32\usercpl.dll
2016-11-09 18:15:42 ----A---- C:\WINDOWS\system32\ubpm.dll
2016-11-09 18:15:41 ----A---- C:\WINDOWS\SYSWOW64\weretw.dll
2016-11-09 18:15:41 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-11-09 18:15:41 ----A---- C:\WINDOWS\system32\WpcTok.exe
2016-11-09 18:15:41 ----A---- C:\WINDOWS\system32\drivers\bowser.sys
2016-11-09 18:15:41 ----A---- C:\WINDOWS\system32\ddraw.dll
2016-11-09 18:15:40 ----A---- C:\WINDOWS\SYSWOW64\NPSM.dll
2016-11-09 18:15:40 ----A---- C:\WINDOWS\system32\dab.dll
2016-11-09 18:15:39 ----A---- C:\WINDOWS\SYSWOW64\wininetlui.dll
2016-11-09 18:15:39 ----A---- C:\WINDOWS\system32\TSpkg.dll
2016-11-09 18:15:38 ----A---- C:\WINDOWS\SYSWOW64\chartv.dll
2016-11-09 18:15:38 ----A---- C:\WINDOWS\system32\netplwiz.dll
2016-11-09 18:15:38 ----A---- C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 18:15:37 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2016-11-09 18:15:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 18:15:37 ----A---- C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 18:15:36 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2016-11-09 18:15:35 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 18:15:34 ----A---- C:\WINDOWS\system32\chartv.dll
2016-11-09 18:15:33 ----A---- C:\WINDOWS\system32\wmp.dll
2016-11-09 18:15:30 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-11-09 18:15:29 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2016-11-09 18:15:28 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-11-09 18:15:27 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-11-09 18:15:27 ----A---- C:\WINDOWS\system32\authui.dll
2016-11-09 18:15:26 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2016-11-09 18:15:26 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 18:15:25 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2016-11-09 18:15:25 ----A---- C:\WINDOWS\system32\ListSvc.dll
2016-11-09 18:15:24 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2016-11-09 18:15:24 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2016-11-09 18:15:24 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2016-11-09 18:15:24 ----A---- C:\WINDOWS\system32\comdlg32.dll
2016-11-09 18:15:23 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-11-09 18:15:23 ----A---- C:\WINDOWS\system32\efsext.dll
2016-11-09 18:15:22 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2016-11-09 18:15:22 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2016-11-09 18:15:22 ----A---- C:\WINDOWS\system32\rdpcore.dll
2016-11-09 18:15:21 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2016-11-09 18:15:21 ----A---- C:\WINDOWS\system32\wwansvc.dll
2016-11-09 18:15:21 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 18:15:21 ----A---- C:\WINDOWS\system32\twinapi.dll
2016-11-09 18:15:21 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2016-11-09 18:15:20 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2016-11-09 18:15:20 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2016-11-09 18:15:19 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2016-11-09 18:15:19 ----A---- C:\WINDOWS\SYSWOW64\hgcpl.dll
2016-11-09 18:15:18 ----A---- C:\WINDOWS\SYSWOW64\themecpl.dll
2016-11-09 18:15:18 ----A---- C:\WINDOWS\SYSWOW64\sud.dll
2016-11-09 18:15:18 ----A---- C:\WINDOWS\SYSWOW64\stobject.dll
2016-11-09 18:15:18 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2016-11-09 18:15:17 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2016-11-09 18:15:17 ----A---- C:\WINDOWS\SYSWOW64\fontext.dll
2016-11-09 18:15:17 ----A---- C:\WINDOWS\SYSWOW64\AuthExt.dll
2016-11-09 18:15:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 18:15:03 ----A---- C:\WINDOWS\system32\browserbroker.dll
2016-11-09 18:15:01 ----A---- C:\WINDOWS\SYSWOW64\mstsc.exe
2016-11-09 18:15:01 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-11-09 18:15:01 ----A---- C:\WINDOWS\system32\hgcpl.dll
2016-11-09 18:15:00 ----A---- C:\WINDOWS\explorer.exe
2016-11-09 18:14:59 ----A---- C:\WINDOWS\system32\gameux.dll
2016-11-09 18:14:59 ----A---- C:\WINDOWS\system32\fontext.dll
2016-11-09 18:14:58 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-11-09 18:14:57 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 18:14:57 ----A---- C:\WINDOWS\system32\AudioSes.dll
2016-11-09 18:14:57 ----A---- C:\WINDOWS\system32\AudioEng.dll
2016-11-09 18:14:56 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 18:14:56 ----A---- C:\WINDOWS\system32\audiosrv.dll
2016-11-09 18:14:55 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 18:14:54 ----A---- C:\WINDOWS\system32\twinui.dll
2016-11-09 18:14:52 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 18:14:51 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 18:14:49 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2016-11-09 18:14:49 ----A---- C:\WINDOWS\system32\winload.exe
2016-11-09 18:14:48 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2016-11-09 18:14:48 ----A---- C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 18:14:48 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 18:14:47 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2016-11-09 18:14:47 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2016-11-09 18:14:47 ----A---- C:\WINDOWS\system32\NPSM.dll
2016-11-09 18:14:47 ----A---- C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 18:14:47 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2016-11-09 18:14:47 ----A---- C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 18:14:46 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2016-11-09 18:14:46 ----A---- C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 18:14:46 ----A---- C:\WINDOWS\system32\sud.dll
2016-11-09 18:14:45 ----A---- C:\WINDOWS\SYSWOW64\msinfo32.exe
2016-11-09 18:14:45 ----A---- C:\WINDOWS\system32\themecpl.dll
2016-11-09 18:14:45 ----A---- C:\WINDOWS\system32\stobject.dll
2016-11-09 18:14:45 ----A---- C:\WINDOWS\system32\msinfo32.exe
2016-11-09 18:14:45 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 18:14:45 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 18:14:44 ----A---- C:\WINDOWS\system32\zipfldr.dll
2016-11-09 18:14:44 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 18:14:44 ----A---- C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 18:14:39 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-11-09 18:14:38 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-11-09 18:14:37 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-11-09 18:14:34 ----A---- C:\WINDOWS\system32\mshtmled.dll
2016-11-09 18:14:34 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-11-09 18:14:34 ----A---- C:\WINDOWS\system32\FSClient.dll
2016-11-09 18:14:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2016-11-09 18:14:29 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2016-11-09 18:14:29 ----A---- C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 18:14:28 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 18:14:28 ----A---- C:\WINDOWS\system32\FrameServer.dll
2016-11-09 18:14:25 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-11-09 18:14:24 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 18:14:22 ----A---- C:\WINDOWS\system32\wininet.dll
2016-11-09 18:14:21 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-11-09 18:14:21 ----A---- C:\WINDOWS\system32\bisrv.dll
2016-11-09 18:14:20 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 18:14:20 ----A---- C:\WINDOWS\system32\cdp.dll
2016-11-09 18:14:16 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-11-09 18:14:14 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-11-09 18:14:14 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-11-09 18:14:13 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-11-09 18:14:12 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 18:14:11 ----A---- C:\WINDOWS\system32\ntshrui.dll
2016-11-09 18:14:11 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 18:14:10 ----A---- C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 18:14:10 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 18:14:09 ----A---- C:\WINDOWS\system32\shell32.dll
2016-11-09 18:14:06 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 18:14:05 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2016-11-09 18:14:04 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-11-09 18:14:02 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 18:14:02 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 18:13:59 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-11-09 18:13:57 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 18:13:56 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-11-09 18:13:54 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 18:13:53 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2016-11-09 18:13:53 ----A---- C:\WINDOWS\system32\ieproxy.dll
2016-11-09 18:13:52 ----A---- C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 18:13:52 ----A---- C:\WINDOWS\system32\mstscax.dll
2016-11-09 18:13:51 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-11-09 18:13:51 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 18:13:51 ----A---- C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 18:13:50 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2016-11-09 18:13:50 ----A---- C:\WINDOWS\SYSWOW64\d3d9.dll
2016-11-09 18:13:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 18:13:48 ----A---- C:\WINDOWS\SYSWOW64\NetSetupEngine.dll
2016-11-09 18:13:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2016-11-09 18:13:46 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-11-09 18:13:46 ----A---- C:\WINDOWS\SYSWOW64\comctl32.dll
2016-11-09 18:13:46 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 18:13:45 ----A---- C:\WINDOWS\SYSWOW64\NetSetupApi.dll
2016-11-09 18:13:45 ----A---- C:\WINDOWS\SYSWOW64\input.dll
2016-11-09 18:13:45 ----A---- C:\WINDOWS\system32\wifitask.exe
2016-11-09 18:13:45 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 18:13:44 ----A---- C:\WINDOWS\SYSWOW64\UIAnimation.dll
2016-11-09 18:13:44 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2016-11-09 18:13:44 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2016-11-09 18:13:43 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2016-11-09 18:13:43 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2016-11-09 18:13:42 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2016-11-09 18:13:42 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2016-11-09 18:13:42 ----A---- C:\WINDOWS\SYSWOW64\ErrorDetails.dll
2016-11-09 18:13:42 ----A---- C:\WINDOWS\SYSWOW64\asycfilt.dll
2016-11-09 18:13:42 ----A---- C:\WINDOWS\SYSWOW64\ActionCenterCPL.dll
2016-11-09 18:13:42 ----A---- C:\WINDOWS\system32\shdocvw.dll
2016-11-09 18:13:42 ----A---- C:\WINDOWS\system32\iepeers.dll
2016-11-09 18:13:42 ----A---- C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 18:13:41 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2016-11-09 18:13:41 ----A---- C:\WINDOWS\SYSWOW64\ErrorDetailsUpdate.dll
2016-11-09 18:13:41 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 18:13:41 ----A---- C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 18:13:41 ----A---- C:\WINDOWS\system32\dxtrans.dll
2016-11-09 18:13:41 ----A---- C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 18:13:40 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2016-11-09 18:13:40 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2016-11-09 18:13:40 ----A---- C:\WINDOWS\SYSWOW64\GlobCollationHost.dll
2016-11-09 18:13:40 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 18:13:40 ----A---- C:\WINDOWS\system32\AppCapture.dll
2016-11-09 18:13:39 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-11-09 18:13:38 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 18:13:38 ----A---- C:\WINDOWS\system32\mfsvr.dll
2016-11-09 18:13:38 ----A---- C:\WINDOWS\system32\d3d9.dll
2016-11-09 18:13:37 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 18:13:37 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-11-09 18:13:36 ----A---- C:\WINDOWS\SYSWOW64\MSVidCtl.dll
2016-11-09 18:13:36 ----A---- C:\WINDOWS\system32\mfcore.dll
2016-11-09 18:13:35 ----A---- C:\WINDOWS\system32\gdi32full.dll
2016-11-09 18:13:33 ----A---- C:\WINDOWS\system32\winresume.exe
2016-11-09 18:13:32 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-11-09 18:13:30 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-11-09 18:13:30 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 18:13:30 ----A---- C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 18:13:29 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-11-09 18:13:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 18:13:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 18:13:29 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-11-09 18:13:29 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2016-11-09 18:13:29 ----A---- C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 18:13:28 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-11-09 18:13:28 ----A---- C:\WINDOWS\system32\msctf.dll
2016-11-09 18:13:28 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 18:13:27 ----A---- C:\WINDOWS\SYSWOW64\BcastDVRHelper.dll
2016-11-09 18:13:27 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 18:13:27 ----A---- C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 18:13:27 ----A---- C:\WINDOWS\system32\atmfd.dll
2016-11-09 18:13:26 ----A---- C:\WINDOWS\SYSWOW64\mfsensorgroup.dll
2016-11-09 18:13:26 ----A---- C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 18:13:26 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 18:13:26 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 18:13:26 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 18:13:26 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 18:13:26 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 18:13:26 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2016-11-09 18:13:25 ----A---- C:\WINDOWS\SYSWOW64\FSClient.dll
2016-11-09 18:13:25 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-11-09 18:13:25 ----A---- C:\WINDOWS\system32\win32k.sys
2016-11-09 18:13:24 ----A---- C:\WINDOWS\SYSWOW64\ddraw.dll
2016-11-09 18:13:24 ----A---- C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 18:13:24 ----A---- C:\WINDOWS\system32\input.dll
2016-11-09 18:13:23 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2016-11-09 18:13:23 ----A---- C:\WINDOWS\SYSWOW64\efsext.dll
2016-11-09 18:13:23 ----A---- C:\WINDOWS\SYSWOW64\d3d8.dll
2016-11-09 18:13:23 ----A---- C:\WINDOWS\system32\wininetlui.dll
2016-11-09 18:13:22 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2016-11-09 18:13:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 18:13:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2016-11-09 18:13:20 ----A---- C:\WINDOWS\SYSWOW64\AppCapture.dll
2016-11-09 18:13:20 ----A---- C:\WINDOWS\system32\atmlib.dll

======List of files/folders modified in the last 1 month======

2016-12-04 09:24:23 ----RD---- C:\Program Files
2016-12-04 09:15:37 ----D---- C:\WINDOWS\Prefetch
2016-12-04 08:51:04 ----D---- C:\Program Files (x86)\Steam
2016-12-04 08:43:53 ----D---- C:\WINDOWS\Temp
2016-12-04 08:39:56 ----D---- C:\WINDOWS\System32
2016-12-04 08:39:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-04 08:34:17 ----D---- C:\ProgramData\PDFC
2016-12-04 08:34:12 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2016-12-04 08:34:07 ----D---- C:\Windows
2016-12-04 08:33:23 ----D---- C:\WINDOWS\system32\sru
2016-12-04 08:33:23 ----D---- C:\WINDOWS\system32\catroot2
2016-12-04 08:25:22 ----D---- C:\WINDOWS\system32\NDF
2016-12-04 08:24:17 ----D---- C:\WINDOWS\system32\SleepStudy
2016-12-03 18:25:07 ----RD---- C:\WINDOWS\Microsoft.NET
2016-12-03 17:51:33 ----D---- C:\WINDOWS\system32\drivers
2016-12-03 17:10:22 ----HD---- C:\ProgramData
2016-12-03 15:56:59 ----D---- C:\WINDOWS\AppReadiness
2016-12-02 20:43:35 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2016-12-02 17:42:55 ----D---- C:\WINDOWS\INF
2016-12-02 06:19:45 ----HD---- C:\Program Files\WindowsApps
2016-12-02 06:07:59 ----D---- C:\WINDOWS\system32\CatRoot
2016-12-02 06:07:55 ----D---- C:\WINDOWS\system32\DriverStore
2016-12-01 20:20:42 ----D---- C:\WINDOWS\system32\drivers\UMDF
2016-12-01 18:26:52 ----D---- C:\torrent
2016-12-01 18:22:30 ----RD---- C:\Program Files (x86)
2016-12-01 17:43:14 ----SHD---- C:\WINDOWS\Installer
2016-12-01 17:43:09 ----D---- C:\ProgramData\WinZip
2016-12-01 17:42:38 ----D---- C:\Program Files (x86)\7-Zip
2016-12-01 17:41:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-01 17:41:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-12-01 17:38:55 ----D---- C:\WINDOWS\system32\Tasks
2016-12-01 17:38:31 ----SHD---- C:\System Volume Information
2016-12-01 17:36:57 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft
2016-11-30 20:32:18 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2016-11-28 20:54:35 ----D---- C:\WINDOWS\LiveKernelReports
2016-11-26 22:04:26 ----RSD---- C:\WINDOWS\assembly
2016-11-26 18:42:12 ----D---- C:\WINDOWS\debug
2016-11-26 00:20:13 ----D---- C:\WINDOWS\SYSWOW64\directx
2016-11-26 00:20:08 ----HD---- C:\WINDOWS\msdownld.tmp
2016-11-26 00:20:07 ----D---- C:\WINDOWS\Logs
2016-11-26 00:19:58 ----D---- C:\WINDOWS\SysWOW64
2016-11-26 00:16:35 ----D---- C:\WINDOWS\SoftwareDistribution
2016-11-26 00:13:00 ----DC---- C:\WINDOWS\Panther
2016-11-26 00:12:54 ----D---- C:\WINDOWS\Minidump
2016-11-18 23:12:00 ----D---- C:\WINDOWS\rescache
2016-11-18 22:55:02 ----D---- C:\WINDOWS\system32\config
2016-11-11 11:53:45 ----D---- C:\WINDOWS\WinSxS
2016-11-10 21:32:31 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-11-10 21:32:31 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-11-10 21:32:30 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 21:32:30 ----D---- C:\WINDOWS\system32\oobe
2016-11-10 21:32:30 ----D---- C:\WINDOWS\system32\migwiz
2016-11-10 21:32:30 ----D---- C:\WINDOWS\system32\migration
2016-11-10 21:32:29 ----D---- C:\WINDOWS\system32\cs-CZ
2016-11-10 21:32:29 ----D---- C:\WINDOWS\system32\Boot
2016-11-10 21:32:26 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-11-10 21:32:26 ----D---- C:\WINDOWS\ShellExperiences
2016-11-10 21:32:26 ----D---- C:\WINDOWS\bcastdvr
2016-11-10 21:32:26 ----D---- C:\WINDOWS\AppPatch
2016-11-10 18:47:00 ----D---- C:\WINDOWS\CbsTemp
2016-11-10 18:39:23 ----D---- C:\WINDOWS\system32\MRT
2016-11-10 18:33:46 ----D---- C:\WINDOWS\system32\Macromed
2016-11-10 18:33:43 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-11-09 23:51:30 ----AC---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2016-06-14 74544]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2016-08-05 292704]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2016-06-14 37144]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2016-06-14 103064]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-06-14 1070904]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-06-14 465792]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 8192]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2016-06-14 37656]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2016-06-14 107792]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2016-06-14 166432]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 48128]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 78336]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-12-25 21648880]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-12-25 674288]
R3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athwnx.sys [2016-07-16 4233728]
R3 AtiHDAudioService;@oem4.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2015-05-28 102912]
R3 BTATH_BUS;@oem5.inf,%BTATH_BUS.SVCDESC%;Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2011-03-01 28832]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2016-07-13 610336]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-08-20 84992]
R3 HECIx64;@oem27.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface; C:\WINDOWS\System32\drivers\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2011-01-12 2709224]
R3 RSPCIESTOR;@oem10.inf,%Rts5208%;Realtek PCIE CardReader Driver; C:\WINDOWS\system32\DRIVERS\RtsPStor.sys [2012-03-29 342632]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2016-04-27 52904]
R3 SynTP;@oem17.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2016-04-27 622784]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 105824]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 101216]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 58720]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 61792]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 32096]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 9728]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-10-15 967168]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 38912]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-09-10 118272]
S3 clwvd;@oem9.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\WINDOWS\system32\DRIVERS\clwvd.sys [2011-02-09 31088]
S3 dg_ssudbus;@oem20.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2015-11-01 108800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 20480]
S3 GPU-Z;GPU-Z; \??\C:\Users\Admin\AppData\Local\Temp\GPU-Z.sys [2016-11-26 27008]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 50016]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-08-06 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-07-16 176384]
S3 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2016-07-16 526176]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-07-16 842584]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2016-07-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2016-07-16 928608]
S3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys []
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-07-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-07-16 50688]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2016-07-16 45568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-12-25 255472]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-06-14 243296]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CDPUserSvc_32eef;CDPUserSvc_32eef; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-12-01 126520]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-07-23 268824]
R2 OneSyncSvc_32eef;Hostitel synchronizace_32eef; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-04-27 253960]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-02-04 797240]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-16 152216]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10 270016]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 93184]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-11-20 227904]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-11-15 259664]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-16 152216]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService_32eef;Služba zasílání zpráv_32eef; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc_32eef;Data kontaktů_32eef; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-09-07 1312768]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-10-13 1459488]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-07-16 287744]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]

-----------------EOF-----------------

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-3800487716-3025749632-1461767461-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDF
HKU\S-1-5-21-3800487716-3025749632-1461767461-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDF
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3800487716-3025749632-1461767461-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3800487716-3025749632-1461767461-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-3800487716-3025749632-1461767461-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR StartupUrls: Default -> "hxxp://websearch.search-guide.info/?pid=518&r=2013/11/12&hid=9512509551006325946&lg=EN&cc=CZ&unqvl=40"
U4 aspnet_state; no ImagePath
C:\WINDOWS\system32\ApnDatabase.xml
C:\Users\Admin\AppData\Local\Temp
Task: {07A40334-A9E4-4724-B07B-8A4831525BB9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0A77D2D4-8B1F-401E-9CC6-45CAFDDA7C20} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1659994A-D04E-4855-AF67-BAB592D15BEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {25145D99-A170-4FC7-999A-BB4E9C0A0D80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3B1F4A65-C02F-4690-8088-CCD7F53550F0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {654C2173-9816-46EB-A06E-4F6506F8514A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8F289ABF-0F95-4262-8B73-4A82D7E6545B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AF54050F-ACFA-47C4-8432-61DF6327A9CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BC46AF16-0BC5-4F4D-839C-FE521CE905D8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D112C2FD-54F8-46F8-8430-D0F00BA10B02} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ED53EC3D-04FA-44A3-8599-CBA3AFBA8E09} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Z logu:

Velikost slozky "C:\Users\Admin\Desktop" je 11894 MB.

To je příliš mnoho a může to zpomalovat start systému. Vytvořte v C:\Users\Admin novou složku, do níž přesuňte všechna data z plochy (kromě zástupců). Na ploch si pak dejte zástupce té složky pro snazší přístup.

Omlouvám se, asi jsem už jednou PC čistil a log po nějaké době smazal. Projel jsem to podruhé se stejným fixlistem, snad jsem něco nedo*ral

Nastala nějaká změna?

PC zamrzává například v chrome.

Zkusíme tyto utility:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Junkware stihnu až odpoledne. Zatím díky.

Edit: Při probíhání Zoek.exe párkrát vyskočilo, že aplikace xxxxx.exe nemohla být spuštěna.

Jj. Až budou provedeny oba skeny, dejte vědět.

Tedy zde kód z JRT.

OK. Zmenilo se něco?

Zatím se zdá v pohodě