VIRY.CZ

Malwarebytes našel nějaké svinstvo které jsem dal odstranit. Notebook zpomalený, systém se načte
ale nenaběhne že by se sním dalo pracovat. Stále se točí kurzor že něco dělá. Log jsem dělal z nouzového režimu.

Logfile of random's system information tool 1.10 (written by random/random)
Run by ProBook at 2016-12-24 16:07:23
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 489 GB (71%) free of 692 GB
Total RAM: 3978 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:28, on 24.12.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ProBook.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [T-Mobile CManager] "c:\program files (x86)\t-mobile\web'n'walk manager\manager.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{280D6BC2-1899-4FFD-8BB6-1D8D62E96030}: NameServer =
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\windows\SysWOW64\flcdlock.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11089 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
ctfmon.exe
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\windows\system32\cmd.exe"
\??\C:\windows\system32\conhost.exe "324265248-523916093-1409326952-1483747017-1555748552821681322-1470379549308143545
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\ProBook\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\ProBook\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0xa4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1616 --on-initialized-event-handle=332 --parent-handle=336 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Control/SignInPasswordPromo/ExEnable2/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_76/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=655C1CD7EAFF6939A63B6FF1354F1C2C --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --service-request-channel-token=655C1CD7EAFF6939A63B6FF1354F1C2C --mojo-platform-channel-handle=4088 /prefetch:1
"C:\Users\ProBook\Downloads\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

=========Mozilla firefox=========

ProfilePath - C:\Users\ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\yz0xthzp.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.77.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll


C:\Users\ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\yz0xthzp.default\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-05 173120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [2012-03-30 636032]
"QLBController"=c:\program files (x86)\hewlett-packard\hp hotkey support\qlbcontroller.exe [2013-10-16 337184]
"Persistence"=c:\windows\system32\igfxpers.exe [2012-03-26 439064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"=c:\program files (x86)\t-mobile\web'n'walk manager\manager.exe [2015-08-06 2162152]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-06 9288408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
c:\program files (x86)\intel\intel(r) rapid storage technology\iastoriconlaunch.exe [2012-03-01 56088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-03-26 434688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-24 16:07:23 ----D---- C:\rsit
2016-12-24 16:07:23 ----D---- C:\Program Files\trend micro
2016-12-24 16:04:54 ----A---- C:\windows\ntbtlog.txt
2016-12-24 15:30:37 ----D---- C:\Program Files\CCleaner
2016-12-24 15:30:22 ----D---- C:\ProgramData\Google
2016-12-15 20:14:29 ----A---- C:\windows\system32\mshtml.dll
2016-12-15 20:14:28 ----A---- C:\windows\SYSWOW64\mshtml.dll
2016-12-15 20:14:24 ----A---- C:\windows\system32\ieframe.dll
2016-12-15 20:14:23 ----A---- C:\windows\SYSWOW64\ieframe.dll
2016-12-15 20:14:22 ----A---- C:\windows\system32\jscript9.dll
2016-12-15 20:14:21 ----A---- C:\windows\SYSWOW64\jscript9.dll
2016-12-15 20:14:20 ----A---- C:\windows\SYSWOW64\wininet.dll
2016-12-15 20:14:20 ----A---- C:\windows\system32\wininet.dll
2016-12-15 20:14:20 ----A---- C:\windows\system32\win32k.sys
2016-12-15 20:14:20 ----A---- C:\windows\system32\msi.dll
2016-12-15 20:14:19 ----A---- C:\windows\SYSWOW64\msi.dll
2016-12-15 20:14:19 ----A---- C:\windows\system32\drivers\cng.sys
2016-12-15 20:14:19 ----A---- C:\windows\system32\clfs.sys
2016-12-15 20:14:18 ----A---- C:\windows\SYSWOW64\urlmon.dll
2016-12-15 20:14:18 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2016-12-15 20:14:18 ----A---- C:\windows\SYSWOW64\bcrypt.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\usp10.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\user32.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\iedkcs32.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\gdi32.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\consent.exe
2016-12-15 20:14:18 ----A---- C:\windows\system32\bcrypt.dll
2016-12-15 20:14:17 ----A---- C:\windows\SYSWOW64\usp10.dll
2016-12-15 20:14:17 ----A---- C:\windows\system32\urlmon.dll
2016-12-15 20:14:17 ----A---- C:\windows\system32\hlink.dll
2016-12-15 20:14:17 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2016-12-15 20:14:17 ----A---- C:\windows\system32\drivers\ksecdd.sys
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\user32.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\hlink.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\gdi32.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\certcli.dll
2016-12-15 20:14:16 ----A---- C:\windows\system32\mshtmlmedia.dll
2016-12-15 20:14:16 ----A---- C:\windows\system32\certcli.dll
2016-12-15 20:14:15 ----A---- C:\windows\SYSWOW64\jscript.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\vbscript.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\msfeeds.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\jscript.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\iertutil.dll
2016-12-15 20:14:14 ----A---- C:\windows\SYSWOW64\vbscript.dll
2016-12-15 20:14:14 ----A---- C:\windows\SYSWOW64\iertutil.dll
2016-12-15 20:14:14 ----A---- C:\windows\system32\rpcrt4.dll
2016-12-15 20:14:14 ----A---- C:\windows\system32\ieapfltr.dll
2016-12-15 20:14:13 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2016-12-15 20:14:13 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2016-12-15 20:14:13 ----A---- C:\windows\system32\msiexec.exe
2016-12-15 20:14:13 ----A---- C:\windows\system32\ieui.dll
2016-12-15 20:14:13 ----A---- C:\windows\system32\authui.dll
2016-12-15 20:14:12 ----A---- C:\windows\SYSWOW64\msiexec.exe
2016-12-15 20:14:12 ----A---- C:\windows\system32\msihnd.dll
2016-12-15 20:14:12 ----A---- C:\windows\system32\lsasrv.dll
2016-12-15 20:14:12 ----A---- C:\windows\system32\dxtmsft.dll
2016-12-15 20:14:11 ----A---- C:\windows\SYSWOW64\rpcrt4.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\webcheck.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\msrating.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\mshtmled.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\dxtrans.dll
2016-12-15 20:14:10 ----A---- C:\windows\SYSWOW64\ieui.dll
2016-12-15 20:14:10 ----A---- C:\windows\SYSWOW64\authui.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\occache.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2016-12-15 20:14:10 ----A---- C:\windows\system32\kerberos.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\jsproxy.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\jscript9diag.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2016-12-15 20:14:10 ----A---- C:\windows\system32\appinfo.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\webcheck.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\msihnd.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2016-12-15 20:14:09 ----A---- C:\windows\system32\schannel.dll
2016-12-15 20:14:09 ----A---- C:\windows\system32\inseng.dll
2016-12-15 20:14:09 ----A---- C:\windows\system32\ieUnatt.exe
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\sspicli.dll
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\occache.dll
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\msrating.dll
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2016-12-15 20:14:08 ----A---- C:\windows\system32\ncrypt.dll
2016-12-15 20:14:08 ----A---- C:\windows\system32\ieetwproxystub.dll
2016-12-15 20:14:07 ----A---- C:\windows\SYSWOW64\kerberos.dll
2016-12-15 20:14:07 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2016-12-15 20:14:07 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2016-12-15 20:14:07 ----A---- C:\windows\system32\TSpkg.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\msv1_0.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\MshtmlDac.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\iesetup.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2016-12-15 20:14:06 ----A---- C:\windows\system32\ie4uinit.exe
2016-12-15 20:14:05 ----A---- C:\windows\SYSWOW64\msv1_0.dll
2016-12-15 20:14:05 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2016-12-15 20:14:05 ----A---- C:\windows\system32\wdigest.dll
2016-12-15 20:14:05 ----A---- C:\windows\system32\sspicli.dll
2016-12-15 20:14:04 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2016-12-15 20:14:04 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-12-15 20:14:04 ----A---- C:\windows\system32\rpchttp.dll
2016-12-15 20:14:03 ----A---- C:\windows\SYSWOW64\inseng.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\wdigest.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\schannel.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\rpchttp.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\iesetup.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\iernonce.dll
2016-12-15 20:14:02 ----A---- C:\windows\system32\sspisrv.dll
2016-12-15 20:14:02 ----A---- C:\windows\system32\iernonce.dll
2016-12-15 20:14:02 ----A---- C:\windows\system32\ieetwcollector.exe
2016-12-15 20:14:02 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2016-12-15 20:14:02 ----A---- C:\windows\system32\cryptbase.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\secur32.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\cryptbase.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\credssp.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\auditpol.exe
2016-12-15 20:14:01 ----A---- C:\windows\system32\secur32.dll
2016-12-15 20:14:01 ----A---- C:\windows\system32\lsass.exe
2016-12-15 20:14:01 ----A---- C:\windows\system32\credssp.dll
2016-12-15 20:14:01 ----A---- C:\windows\system32\auditpol.exe
2016-12-15 20:14:00 ----A---- C:\windows\SYSWOW64\msimsg.dll
2016-12-15 20:14:00 ----A---- C:\windows\SYSWOW64\msaudite.dll
2016-12-15 20:14:00 ----A---- C:\windows\SYSWOW64\adtschema.dll
2016-12-15 20:14:00 ----A---- C:\windows\system32\msimsg.dll
2016-12-15 20:14:00 ----A---- C:\windows\system32\msaudite.dll
2016-12-15 20:14:00 ----A---- C:\windows\system32\adtschema.dll
2016-12-15 20:13:59 ----A---- C:\windows\SYSWOW64\msobjs.dll
2016-12-15 20:13:59 ----A---- C:\windows\system32\msobjs.dll
2016-12-15 20:13:59 ----A---- C:\windows\system32\ieetwcollectorres.dll
2016-12-15 20:13:58 ----A---- C:\windows\SYSWOW64\tzres.dll
2016-12-15 20:13:58 ----A---- C:\windows\system32\tzres.dll
2016-12-06 08:17:39 ----D---- C:\windows\IObit
2016-12-01 18:46:12 ----A---- C:\windows\SYSWOW64\ssinstall-uninstall.bat
2016-12-01 18:46:08 ----A---- C:\windows\SYSWOW64\ssins.exe
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\msvcr110_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\msvcr100_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\msvcp110_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\aspnet_counters.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\msvcr110_clr0400.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\msvcr100_clr0400.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\msvcp110_clr0400.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\aspnet_counters.dll

======List of files/folders modified in the last 1 month======

2016-12-24 16:07:23 ----RD---- C:\Program Files
2016-12-24 16:07:17 ----D---- C:\windows\Temp
2016-12-24 16:04:54 ----D---- C:\Windows
2016-12-24 15:56:12 ----D---- C:\ProgramData\PDFC
2016-12-24 15:53:54 ----D---- C:\windows\inf
2016-12-24 15:42:32 ----D---- C:\windows\system32\config
2016-12-24 15:39:04 ----A---- C:\windows\SYSWOW64\log.txt
2016-12-24 15:38:47 ----SHD---- C:\windows\Installer
2016-12-24 15:38:45 ----SHD---- C:\System Volume Information
2016-12-24 15:38:34 ----D---- C:\windows\Prefetch
2016-12-24 15:34:25 ----D---- C:\Users\ProBook\AppData\Roaming\TeamViewer
2016-12-24 15:34:25 ----D---- C:\Program Files (x86)\TeamViewer
2016-12-24 15:34:15 ----D---- C:\windows\SoftwareDistribution
2016-12-24 15:30:46 ----D---- C:\windows\system32\Tasks
2016-12-24 15:30:36 ----RD---- C:\Program Files (x86)
2016-12-24 15:30:33 ----D---- C:\Program Files\Google
2016-12-24 15:30:33 ----D---- C:\Program Files (x86)\Google
2016-12-24 15:30:32 ----SHD---- C:\Config.Msi
2016-12-24 15:30:22 ----HD---- C:\ProgramData
2016-12-24 15:30:05 ----D---- C:\ProgramData\WinZip
2016-12-24 15:27:19 ----D---- C:\Program Files (x86)\IObit
2016-12-24 15:26:32 ----D---- C:\windows\system32\drivers
2016-12-24 15:09:45 ----D---- C:\swsetup
2016-12-23 21:13:54 ----D---- C:\windows\winsxs
2016-12-23 21:11:00 ----D---- C:\windows\system32\catroot2
2016-12-23 20:58:13 ----SHD---- C:\boot
2016-12-23 20:48:49 ----D---- C:\windows\Tasks
2016-12-23 20:39:31 ----D---- C:\Users\ProBook\AppData\Roaming\IObit
2016-12-23 20:35:31 ----D---- C:\windows\Minidump
2016-12-23 20:11:25 ----D---- C:\ProgramData\APN
2016-12-23 19:29:21 ----D---- C:\ProgramData\ProductData
2016-12-22 15:07:13 ----D---- C:\Users\ProBook\AppData\Roaming\SoftGrid Client
2016-12-21 20:16:11 ----D---- C:\windows\debug
2016-12-16 18:30:05 ----D---- C:\windows\rescache
2016-12-16 08:37:42 ----D---- C:\windows\Microsoft.NET
2016-12-16 08:03:19 ----RSD---- C:\windows\assembly
2016-12-16 07:44:47 ----D---- C:\Program Files\Internet Explorer
2016-12-16 07:44:45 ----D---- C:\windows\SYSWOW64\en-US
2016-12-16 07:44:45 ----D---- C:\windows\SYSWOW64\cs-CZ
2016-12-16 07:44:45 ----D---- C:\Program Files (x86)\Internet Explorer
2016-12-16 07:44:44 ----D---- C:\windows\SysWOW64
2016-12-16 07:44:42 ----D---- C:\windows\system32\cs-CZ
2016-12-16 07:44:41 ----D---- C:\windows\system32\en-US
2016-12-16 07:44:41 ----D---- C:\windows\System32
2016-12-15 23:32:58 ----D---- C:\windows\system32\MRT
2016-12-15 23:29:55 ----AC---- C:\windows\system32\MRT.exe
2016-12-15 23:28:09 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2016-12-15 23:27:58 ----A---- C:\windows\system32\PerfStringBackup.INI
2016-12-15 09:26:16 ----D---- C:\ProgramData\IObit
2016-12-13 00:39:09 ----D---- C:\Users\ProBook\AppData\Roaming\WinTrack
2016-12-07 09:32:47 ----A---- C:\windows\SYSWOW64\libeay32.dll
2016-12-01 18:46:12 ----A---- C:\windows\SYSWOW64\ssleay32.dll
2016-12-01 16:49:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-11-30 10:45:09 ----D---- C:\windows\ModemLogs
2016-11-30 09:34:38 ----D---- C:\windows\system32\catroot
2016-11-30 09:34:12 ----D---- C:\Program Files\Microsoft Security Client
2016-11-30 09:34:11 ----D---- C:\Program Files (x86)\Microsoft Security Client
2016-11-27 08:54:11 ----D---- C:\windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\windows\system32\DRIVERS\amdkmpfd.sys [2012-03-20 32896]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2012-09-07 31040]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iaStor.sys [2012-02-02 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
R0 MfeEpeOpal;MfeEpeOpal; C:\windows\system32\drivers\MfeEpeOpal.sys [2013-03-27 91432]
R0 MfeEpePc;MfeEpePc; C:\windows\system32\drivers\MfeEpePc.sys [2013-03-27 158760]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2012-12-20 3837440]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus; C:\windows\system32\DRIVERS\btath_bus.sys [2013-09-25 34384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 90112]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2013-11-06 62784]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2013-06-12 708200]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2013-12-18 549104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-03-18 26528]
S2 MBAMChameleon;MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys []
S3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2012-09-07 43328]
S3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2014-12-10 16752640]
S3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2014-12-10 584192]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2013-09-25 89800]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2013-09-25 338120]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2013-09-25 116424]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\windows\system32\DRIVERS\btath_hcrp.sys [2013-09-25 179432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2013-09-25 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\windows\system32\DRIVERS\btath_rcp.sys [2013-09-25 137928]
S3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2013-09-25 590024]
S3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthMtpEnum;Modul pro výčet zařízení Bluetooth MTP; C:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 64512]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2012-04-17 80384]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2012-01-31 64312]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\windows\system32\DRIVERS\ewdcsc.sys [2010-10-08 32768]
S3 huawei_cdcacm;huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 30720]
S3 huawei_wwanecm;huawei_wwanecm; C:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 238080]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2011-12-31 225920]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys []
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-03-26 14748416]
S3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd64.sys [2012-03-26 14748416]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3hub.sys [2013-06-12 358456]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2013-06-12 791608]
S3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2013-11-20 176880]
S3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2014-10-08 766632]
S3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2014-10-08 273576]
S3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2014-10-08 29352]
S3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2014-10-08 23208]
S3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2013-06-12 1064184]
S3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\windows\system32\DRIVERS\stwrt64.sys [2013-06-12 543744]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
S2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2014-12-10 239616]
S2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-09-25 312448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
S2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DpHost;@C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-04-28 493904]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05 154440]
S2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
S2 HPFSService;File Sanitizer for HP ProtectTools; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-08-07 378488]
S2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2013-10-16 681760]
S2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2012-09-07 33600]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-08-15 29728]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-03-01 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
S2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-11-06 131032]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-11-06 165336]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-10-09 2934048]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-11-06 279000]
S2 MbnExt;Mobile Broadband Extension Service; C:\windows\system32\svchost.exe [2009-07-14 27136]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2013-03-27 1327104]
S2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-07-18 1143432]
S2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-08 534184]
S2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2013-06-12 327680]
S2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-09-20 7500048]
S2 uArcCapture;ArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-11-06 366040]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2012-03-20 2694224]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09 270016]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-26 276248]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\windows\SysWOW64\flcdlock.exe [2012-04-27 477056]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05 154440]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-12-24 194032]
S3 hpCMSrv;HP Connection Manager 4 Service; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2013-10-31 1421112]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2015-04-28 1102472]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2016-11-12 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-23 146888]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-08 211104]
S3 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]

-----------------EOF-----------------


Díky za kontrolu.

Radek

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v6.041 - Log vytvořen 24/12/2016 v 21:00:47
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-23.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : ProBook - PROBOOK-HP
# Spuštěno z : C:\Users\ProBook\Downloads\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\ProgramData\apn
[-] Složka smazána: C:\ProgramData\Ask
[#] Složka smazána po restartu: C:\ProgramData\Application Data\apn
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Ask
[-] Složka smazána: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\AskToolbar


***** [ Soubory ] *****

[-] Soubor smazán: C:\prefs.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Klíč smazán: HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Klíč smazán: HKU\S-1-5-21-627175611-570232580-1928622291-1001\Software\AppDataLow\Software\Browser Extensions
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\AppDataLow\Software\AskToolbar
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Browser Extensions
[#] Klíč smazán po restartu: [x64] HKCU\Software\AppDataLow\Software\Browser Extensions
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\forum.malezeljeznice.net
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\malezeljeznice.net
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wlogin.icq.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\forum.malezeljeznice.net
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\malezeljeznice.net
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wlogin.icq.com


***** [ Prohlížeče ] *****

[-] [C:\Users\ProBook\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: bbmegnmpleoagolcnjnejdacakedpcgd


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5755 Bajty] - [24/12/2016 21:00:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [5842 Bajty] - [24/12/2016 21:00:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5901 Bajty] ##########

Dejte nový log RSIT.

Logfile of random's system information tool 1.10 (written by random/random)
Run by ProBook at 2016-12-24 21:12:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 488 GB (71%) free of 692 GB
Total RAM: 3978 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:12:43, on 24.12.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ProBook.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [T-Mobile CManager] "c:\program files (x86)\t-mobile\web'n'walk manager\manager.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{280D6BC2-1899-4FFD-8BB6-1D8D62E96030}: NameServer =
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\windows\SysWOW64\flcdlock.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11390 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
"C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
atieclxx
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\windows\system32\vcsFPService.exe
"C:\windows\system32\Dwm.exe"
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe 38543488
\??\C:\windows\system32\conhost.exe "32046534119631207731705393891897589435-55353520-369828197704748706-1043344161
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\windows\System32\svchost.exe -k utcsvc
"c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\windows\SysWOW64\svchost.exe -k MbnExt
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\windows\system32\UI0Detect.exe
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\servicing\TrustedInstaller.exe
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3bcb905f-9e84-478e-a8ad-03352d4ca912 -SystemEventPortName:HostProcess-937eb959-393a-42bb-8e01-47422fe68275 -IoCancelEventPortName:HostProcess-f907a084-d1ea-40e1-bfd2-1b9dc729eb7c -NonStateChangingEventPortName:HostProcess-211c9107-61ae-4202-b017-b6af3e8283b8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4f49732c-2b3c-425a-ab6e-1845cb6edea0 -DeviceGroupId:
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\ProBook\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\ProBook\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0xa4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=5668 --on-initialized-event-handle=340 --parent-handle=344 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/Html5ByDefault/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Control/SignInPasswordPromo/ExEnable2/*SiteIsolationExtensions/Control/StrictSecureCookies/Default/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_76/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=6,14,16,17,18,21,37,54,65 --gpu-vendor-id=0x1002 --gpu-device-id=0x0000 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=14.301.1003.1003 --gpu-driver-date=12-3-2014 --gpu-secondary-vendor-ids=0x8086 --gpu-secondary-device-ids=0x0166 --gpu-active-vendor-id=0x8086 --gpu-active-device-id=0x0166 --service-request-channel-token=4786FAA31BA264A09BCFF9CC74743B57 --mojo-platform-channel-handle=1056 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Control/SignInPasswordPromo/ExEnable2/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_76/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=B9104CD4AD4AFB07576A462650494115 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=B9104CD4AD4AFB07576A462650494115 --mojo-platform-channel-handle=2956 /prefetch:1
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\windows\system32\mspaint.exe"

"c:\Program Files\Microsoft Security Client\\MpCmdRun.exe" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke
"c:\Program Files\Microsoft Security Client\\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
\??\C:\windows\system32\conhost.exe "14068195882038843873-812966575-212437792-18432956311649412970-923467689877607988
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\sppsvc.exe
taskeng.exe {E187C8E2-6E63-4971-9346-5995F373F0A7}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Control/SignInPasswordPromo/ExEnable2/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_76/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=C6A78CA90BF4D5BA8006A0E8647DA3E8 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=C6A78CA90BF4D5BA8006A0E8647DA3E8 --mojo-platform-channel-handle=3708 /prefetch:1
"C:\Users\ProBook\Downloads\RSITx64.exe"
"C:\windows\system32\wuauclt.exe" /RunHandlerComServer
"C:\windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.233.3169.0.exe" ANTIMALWARE /q
MpSigStub.exe /program ANTIMALWARE /q

=========Mozilla firefox=========

ProfilePath - C:\Users\ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\yz0xthzp.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.77.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll


C:\Users\ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\yz0xthzp.default\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-05 173120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [2012-03-30 636032]
"QLBController"=c:\program files (x86)\hewlett-packard\hp hotkey support\qlbcontroller.exe [2013-10-16 337184]
"Persistence"=c:\windows\system32\igfxpers.exe [2012-03-26 439064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"=c:\program files (x86)\t-mobile\web'n'walk manager\manager.exe [2015-08-06 2162152]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-06 9288408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
c:\program files (x86)\intel\intel(r) rapid storage technology\iastoriconlaunch.exe [2012-03-01 56088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-03-26 434688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-24 20:58:49 ----D---- C:\AdwCleaner
2016-12-24 16:07:23 ----D---- C:\rsit
2016-12-24 16:07:23 ----D---- C:\Program Files\trend micro
2016-12-24 16:04:54 ----A---- C:\windows\ntbtlog.txt
2016-12-24 15:30:37 ----D---- C:\Program Files\CCleaner
2016-12-24 15:30:22 ----D---- C:\ProgramData\Google
2016-12-15 20:14:29 ----A---- C:\windows\system32\mshtml.dll
2016-12-15 20:14:28 ----A---- C:\windows\SYSWOW64\mshtml.dll
2016-12-15 20:14:24 ----A---- C:\windows\system32\ieframe.dll
2016-12-15 20:14:23 ----A---- C:\windows\SYSWOW64\ieframe.dll
2016-12-15 20:14:22 ----A---- C:\windows\system32\jscript9.dll
2016-12-15 20:14:21 ----A---- C:\windows\SYSWOW64\jscript9.dll
2016-12-15 20:14:20 ----A---- C:\windows\SYSWOW64\wininet.dll
2016-12-15 20:14:20 ----A---- C:\windows\system32\wininet.dll
2016-12-15 20:14:20 ----A---- C:\windows\system32\win32k.sys
2016-12-15 20:14:20 ----A---- C:\windows\system32\msi.dll
2016-12-15 20:14:19 ----A---- C:\windows\SYSWOW64\msi.dll
2016-12-15 20:14:19 ----A---- C:\windows\system32\drivers\cng.sys
2016-12-15 20:14:19 ----A---- C:\windows\system32\clfs.sys
2016-12-15 20:14:18 ----A---- C:\windows\SYSWOW64\urlmon.dll
2016-12-15 20:14:18 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2016-12-15 20:14:18 ----A---- C:\windows\SYSWOW64\bcrypt.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\usp10.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\user32.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\iedkcs32.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\gdi32.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\consent.exe
2016-12-15 20:14:18 ----A---- C:\windows\system32\bcrypt.dll
2016-12-15 20:14:17 ----A---- C:\windows\SYSWOW64\usp10.dll
2016-12-15 20:14:17 ----A---- C:\windows\system32\urlmon.dll
2016-12-15 20:14:17 ----A---- C:\windows\system32\hlink.dll
2016-12-15 20:14:17 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2016-12-15 20:14:17 ----A---- C:\windows\system32\drivers\ksecdd.sys
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\user32.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\hlink.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\gdi32.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\certcli.dll
2016-12-15 20:14:16 ----A---- C:\windows\system32\mshtmlmedia.dll
2016-12-15 20:14:16 ----A---- C:\windows\system32\certcli.dll
2016-12-15 20:14:15 ----A---- C:\windows\SYSWOW64\jscript.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\vbscript.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\msfeeds.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\jscript.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\iertutil.dll
2016-12-15 20:14:14 ----A---- C:\windows\SYSWOW64\vbscript.dll
2016-12-15 20:14:14 ----A---- C:\windows\SYSWOW64\iertutil.dll
2016-12-15 20:14:14 ----A---- C:\windows\system32\rpcrt4.dll
2016-12-15 20:14:14 ----A---- C:\windows\system32\ieapfltr.dll
2016-12-15 20:14:13 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2016-12-15 20:14:13 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2016-12-15 20:14:13 ----A---- C:\windows\system32\msiexec.exe
2016-12-15 20:14:13 ----A---- C:\windows\system32\ieui.dll
2016-12-15 20:14:13 ----A---- C:\windows\system32\authui.dll
2016-12-15 20:14:12 ----A---- C:\windows\SYSWOW64\msiexec.exe
2016-12-15 20:14:12 ----A---- C:\windows\system32\msihnd.dll
2016-12-15 20:14:12 ----A---- C:\windows\system32\lsasrv.dll
2016-12-15 20:14:12 ----A---- C:\windows\system32\dxtmsft.dll
2016-12-15 20:14:11 ----A---- C:\windows\SYSWOW64\rpcrt4.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\webcheck.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\msrating.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\mshtmled.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\dxtrans.dll
2016-12-15 20:14:10 ----A---- C:\windows\SYSWOW64\ieui.dll
2016-12-15 20:14:10 ----A---- C:\windows\SYSWOW64\authui.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\occache.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2016-12-15 20:14:10 ----A---- C:\windows\system32\kerberos.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\jsproxy.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\jscript9diag.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2016-12-15 20:14:10 ----A---- C:\windows\system32\appinfo.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\webcheck.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\msihnd.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2016-12-15 20:14:09 ----A---- C:\windows\system32\schannel.dll
2016-12-15 20:14:09 ----A---- C:\windows\system32\inseng.dll
2016-12-15 20:14:09 ----A---- C:\windows\system32\ieUnatt.exe
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\sspicli.dll
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\occache.dll
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\msrating.dll
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2016-12-15 20:14:08 ----A---- C:\windows\system32\ncrypt.dll
2016-12-15 20:14:08 ----A---- C:\windows\system32\ieetwproxystub.dll
2016-12-15 20:14:07 ----A---- C:\windows\SYSWOW64\kerberos.dll
2016-12-15 20:14:07 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2016-12-15 20:14:07 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2016-12-15 20:14:07 ----A---- C:\windows\system32\TSpkg.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\msv1_0.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\MshtmlDac.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\iesetup.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2016-12-15 20:14:06 ----A---- C:\windows\system32\ie4uinit.exe
2016-12-15 20:14:05 ----A---- C:\windows\SYSWOW64\msv1_0.dll
2016-12-15 20:14:05 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2016-12-15 20:14:05 ----A---- C:\windows\system32\wdigest.dll
2016-12-15 20:14:05 ----A---- C:\windows\system32\sspicli.dll
2016-12-15 20:14:04 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2016-12-15 20:14:04 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-12-15 20:14:04 ----A---- C:\windows\system32\rpchttp.dll
2016-12-15 20:14:03 ----A---- C:\windows\SYSWOW64\inseng.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\wdigest.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\schannel.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\rpchttp.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\iesetup.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\iernonce.dll
2016-12-15 20:14:02 ----A---- C:\windows\system32\sspisrv.dll
2016-12-15 20:14:02 ----A---- C:\windows\system32\iernonce.dll
2016-12-15 20:14:02 ----A---- C:\windows\system32\ieetwcollector.exe
2016-12-15 20:14:02 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2016-12-15 20:14:02 ----A---- C:\windows\system32\cryptbase.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\secur32.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\cryptbase.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\credssp.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\auditpol.exe
2016-12-15 20:14:01 ----A---- C:\windows\system32\secur32.dll
2016-12-15 20:14:01 ----A---- C:\windows\system32\lsass.exe
2016-12-15 20:14:01 ----A---- C:\windows\system32\credssp.dll
2016-12-15 20:14:01 ----A---- C:\windows\system32\auditpol.exe
2016-12-15 20:14:00 ----A---- C:\windows\SYSWOW64\msimsg.dll
2016-12-15 20:14:00 ----A---- C:\windows\SYSWOW64\msaudite.dll
2016-12-15 20:14:00 ----A---- C:\windows\SYSWOW64\adtschema.dll
2016-12-15 20:14:00 ----A---- C:\windows\system32\msimsg.dll
2016-12-15 20:14:00 ----A---- C:\windows\system32\msaudite.dll
2016-12-15 20:14:00 ----A---- C:\windows\system32\adtschema.dll
2016-12-15 20:13:59 ----A---- C:\windows\SYSWOW64\msobjs.dll
2016-12-15 20:13:59 ----A---- C:\windows\system32\msobjs.dll
2016-12-15 20:13:59 ----A---- C:\windows\system32\ieetwcollectorres.dll
2016-12-15 20:13:58 ----A---- C:\windows\SYSWOW64\tzres.dll
2016-12-15 20:13:58 ----A---- C:\windows\system32\tzres.dll
2016-12-06 08:17:39 ----D---- C:\windows\IObit
2016-12-01 18:46:12 ----A---- C:\windows\SYSWOW64\ssinstall-uninstall.bat
2016-12-01 18:46:08 ----A---- C:\windows\SYSWOW64\ssins.exe
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\msvcr110_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\msvcr100_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\msvcp110_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\aspnet_counters.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\msvcr110_clr0400.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\msvcr100_clr0400.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\msvcp110_clr0400.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\aspnet_counters.dll

======List of files/folders modified in the last 1 month======

2016-12-24 21:12:43 ----D---- C:\windows\Prefetch
2016-12-24 21:12:39 ----D---- C:\windows\Temp
2016-12-24 21:11:56 ----D---- C:\windows\SoftwareDistribution
2016-12-24 21:05:06 ----A---- C:\windows\SYSWOW64\log.txt
2016-12-24 21:02:51 ----D---- C:\windows\system32\config
2016-12-24 21:02:22 ----D---- C:\ProgramData\PDFC
2016-12-24 21:01:33 ----D---- C:\Windows
2016-12-24 21:00:38 ----HD---- C:\ProgramData
2016-12-24 16:38:10 ----D---- C:\windows\inf
2016-12-24 16:07:23 ----RD---- C:\Program Files
2016-12-24 15:38:47 ----SHD---- C:\windows\Installer
2016-12-24 15:38:45 ----SHD---- C:\System Volume Information
2016-12-24 15:34:25 ----D---- C:\Users\ProBook\AppData\Roaming\TeamViewer
2016-12-24 15:34:25 ----D---- C:\Program Files (x86)\TeamViewer
2016-12-24 15:30:46 ----D---- C:\windows\system32\Tasks
2016-12-24 15:30:36 ----RD---- C:\Program Files (x86)
2016-12-24 15:30:33 ----D---- C:\Program Files\Google
2016-12-24 15:30:33 ----D---- C:\Program Files (x86)\Google
2016-12-24 15:30:32 ----SHD---- C:\Config.Msi
2016-12-24 15:30:05 ----D---- C:\ProgramData\WinZip
2016-12-24 15:27:19 ----D---- C:\Program Files (x86)\IObit
2016-12-24 15:26:32 ----D---- C:\windows\system32\drivers
2016-12-24 15:09:45 ----D---- C:\swsetup
2016-12-23 21:13:54 ----D---- C:\windows\winsxs
2016-12-23 21:11:00 ----D---- C:\windows\system32\catroot2
2016-12-23 20:58:13 ----SHD---- C:\boot
2016-12-23 20:48:49 ----D---- C:\windows\Tasks
2016-12-23 20:39:31 ----D---- C:\Users\ProBook\AppData\Roaming\IObit
2016-12-23 20:35:31 ----D---- C:\windows\Minidump
2016-12-23 19:29:21 ----D---- C:\ProgramData\ProductData
2016-12-22 15:07:13 ----D---- C:\Users\ProBook\AppData\Roaming\SoftGrid Client
2016-12-21 20:16:11 ----D---- C:\windows\debug
2016-12-16 18:30:05 ----D---- C:\windows\rescache
2016-12-16 08:37:42 ----D---- C:\windows\Microsoft.NET
2016-12-16 08:03:19 ----RSD---- C:\windows\assembly
2016-12-16 07:44:47 ----D---- C:\Program Files\Internet Explorer
2016-12-16 07:44:45 ----D---- C:\windows\SYSWOW64\en-US
2016-12-16 07:44:45 ----D---- C:\windows\SYSWOW64\cs-CZ
2016-12-16 07:44:45 ----D---- C:\Program Files (x86)\Internet Explorer
2016-12-16 07:44:44 ----D---- C:\windows\SysWOW64
2016-12-16 07:44:42 ----D---- C:\windows\system32\cs-CZ
2016-12-16 07:44:41 ----D---- C:\windows\system32\en-US
2016-12-16 07:44:41 ----D---- C:\windows\System32
2016-12-15 23:32:58 ----D---- C:\windows\system32\MRT
2016-12-15 23:29:55 ----AC---- C:\windows\system32\MRT.exe
2016-12-15 23:28:09 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2016-12-15 23:27:58 ----A---- C:\windows\system32\PerfStringBackup.INI
2016-12-15 09:26:16 ----D---- C:\ProgramData\IObit
2016-12-13 00:39:09 ----D---- C:\Users\ProBook\AppData\Roaming\WinTrack
2016-12-07 09:32:47 ----A---- C:\windows\SYSWOW64\libeay32.dll
2016-12-01 18:46:12 ----A---- C:\windows\SYSWOW64\ssleay32.dll
2016-12-01 16:49:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-11-30 10:45:09 ----D---- C:\windows\ModemLogs
2016-11-30 09:34:38 ----D---- C:\windows\system32\catroot
2016-11-30 09:34:12 ----D---- C:\Program Files\Microsoft Security Client
2016-11-30 09:34:11 ----D---- C:\Program Files (x86)\Microsoft Security Client
2016-11-27 08:54:11 ----D---- C:\windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\windows\system32\DRIVERS\amdkmpfd.sys [2012-03-20 32896]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2012-09-07 31040]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iaStor.sys [2012-02-02 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
R0 MfeEpeOpal;MfeEpeOpal; C:\windows\system32\drivers\MfeEpeOpal.sys [2013-03-27 91432]
R0 MfeEpePc;MfeEpePc; C:\windows\system32\drivers\MfeEpePc.sys [2013-03-27 158760]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-03-18 26528]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2012-09-07 43328]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2014-12-10 16752640]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2014-12-10 584192]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2013-09-25 89800]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2012-12-20 3837440]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2013-09-25 338120]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2013-09-25 116424]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus; C:\windows\system32\DRIVERS\btath_bus.sys [2013-09-25 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\windows\system32\DRIVERS\btath_hcrp.sys [2013-09-25 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2013-09-25 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\windows\system32\DRIVERS\btath_rcp.sys [2013-09-25 137928]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2013-09-25 590024]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2012-04-17 80384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 90112]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-03-26 14748416]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2013-11-20 176880]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2013-11-06 62784]
R3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2013-06-12 708200]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2014-10-08 766632]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2014-10-08 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2014-10-08 29352]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2014-10-08 23208]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2013-06-12 1064184]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\windows\system32\DRIVERS\stwrt64.sys [2013-06-12 543744]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2013-12-18 549104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 MBAMChameleon;MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys []
S3 BthMtpEnum;Modul pro výčet zařízení Bluetooth MTP; C:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 64512]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2012-01-31 64312]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\windows\system32\DRIVERS\ewdcsc.sys [2010-10-08 32768]
S3 huawei_cdcacm;huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 30720]
S3 huawei_wwanecm;huawei_wwanecm; C:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 238080]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2011-12-31 225920]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys []
S3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd64.sys [2012-03-26 14748416]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3hub.sys [2013-06-12 358456]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2013-06-12 791608]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2014-12-10 239616]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-09-25 312448]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-04-28 493904]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
R2 HPFSService;File Sanitizer for HP ProtectTools; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-08-07 378488]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2013-10-16 681760]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2012-09-07 33600]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-08-15 29728]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-03-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-11-06 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-11-06 165336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-11-06 279000]
R2 MbnExt;Mobile Broadband Extension Service; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2013-03-27 1327104]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-07-18 1143432]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-08 534184]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2013-06-12 327680]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-09-20 7500048]
R2 uArcCapture;ArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-11-06 366040]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2012-03-20 2694224]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2015-04-28 1102472]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-08 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05 154440]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-10-09 2934048]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09 270016]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-26 276248]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\windows\SysWOW64\flcdlock.exe [2012-04-27 477056]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05 154440]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-12-24 194032]
S3 hpCMSrv;HP Connection Manager 4 Service; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2013-10-31 1421112]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2016-11-12 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-23 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]

-----------------EOF-----------------

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Program Files (x86)\Google\Google Toolbar

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]/64

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

Tady je nový log RSIT. Notebook už nabíhá OK ale stále se ještě objevuje toto okno viz. dole...

Logfile of random's system information tool 1.10 (written by random/random)
Run by ProBook at 2016-12-24 22:11:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 488 GB (71%) free of 692 GB
Total RAM: 3978 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:11:55, on 24.12.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ProBook.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O4 - HKCU\..\Run: [T-Mobile CManager] "c:\program files (x86)\t-mobile\web'n'walk manager\manager.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{280D6BC2-1899-4FFD-8BB6-1D8D62E96030}: NameServer =
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\windows\SysWOW64\flcdlock.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11312 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
"C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
atieclxx
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 5278656
\??\C:\windows\system32\conhost.exe "1456771028-181546681316166183301568457747107885765280854786-264541321745000780
"C:\windows\system32\Dwm.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\spoolsv.exe
taskeng.exe {B85A7DF5-1F15-428D-B6DD-8C1A8801F13C}
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"taskhost.exe"
C:\windows\System32\svchost.exe -k utcsvc
"c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\windows\SysWOW64\svchost.exe -k MbnExt
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\windows\system32\UI0Detect.exe
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\servicing\TrustedInstaller.exe
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-536f8570-c695-4740-bebe-243bfd701d55 -SystemEventPortName:HostProcess-e37cf1a7-9922-45cd-8524-8d73b7367dd5 -IoCancelEventPortName:HostProcess-bd52096e-1622-4fcb-836e-b951b3c20b59 -NonStateChangingEventPortName:HostProcess-5624ef37-9b89-49c1-b7c8-2492949e2d1c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3c68a4c0-9285-4e2e-b299-f97be5cbd620 -DeviceGroupId:
"C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\windows\notepad.exe" C:\_OTM\MovedFiles\12242016_220518.log
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
taskeng.exe {E24E7CD6-FDBB-4607-B8BF-CCD4FB65AA51}
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\ProBook\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\ProBook\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0xa4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4668 --on-initialized-event-handle=340 --parent-handle=344 /prefetch:6
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/Html5ByDefault/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Control/SignInPasswordPromo/ExEnable2/*SiteIsolationExtensions/Control/StrictSecureCookies/Default/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_76/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=6,14,16,17,18,21,37,54,65 --gpu-vendor-id=0x1002 --gpu-device-id=0x0000 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=14.301.1003.1003 --gpu-driver-date=12-3-2014 --gpu-secondary-vendor-ids=0x8086 --gpu-secondary-device-ids=0x0166 --gpu-active-vendor-id=0x8086 --gpu-active-device-id=0x0166 --service-request-channel-token=E32F4310CA5CA56D8709734A6340646E --mojo-platform-channel-handle=1064 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Control/SignInPasswordPromo/ExEnable2/*SiteIsolationExtensions/Control/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_76/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=50E44990C3B7F9006AEDC11A2C31D02D --lang=cs --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=50E44990C3B7F9006AEDC11A2C31D02D --mojo-platform-channel-handle=1772 /prefetch:1
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Control/SignInPasswordPromo/ExEnable2/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_76/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=A229B8C7772D9C4485E91B78138D9268 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=A229B8C7772D9C4485E91B78138D9268 --mojo-platform-channel-handle=2852 /prefetch:1
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /taskrestart
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/*Html5ByDefault/Default/*InstanceID/Enabled/MaterialDesignDownloads/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityWarningIconUpdate/Control/SignInPasswordPromo/ExEnable2/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_76/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=58789426646E2037BE10566BCECFED5A --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=58789426646E2037BE10566BCECFED5A --mojo-platform-channel-handle=4084 /prefetch:1
"C:\Users\ProBook\Downloads\RSITx64.exe"
"C:\windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

=========Mozilla firefox=========

ProfilePath - C:\Users\ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\yz0xthzp.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.77.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll


C:\Users\ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\yz0xthzp.default\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-05 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [2012-03-30 636032]
"QLBController"=c:\program files (x86)\hewlett-packard\hp hotkey support\qlbcontroller.exe [2013-10-16 337184]
"Persistence"=c:\windows\system32\igfxpers.exe [2012-03-26 439064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"=c:\program files (x86)\t-mobile\web'n'walk manager\manager.exe [2015-08-06 2162152]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-06 9288408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
c:\program files (x86)\intel\intel(r) rapid storage technology\iastoriconlaunch.exe [2012-03-01 56088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-03-26 434688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-24 22:05:18 ----D---- C:\_OTM
2016-12-24 20:58:49 ----D---- C:\AdwCleaner
2016-12-24 16:07:23 ----D---- C:\rsit
2016-12-24 16:07:23 ----D---- C:\Program Files\trend micro
2016-12-24 16:04:54 ----A---- C:\windows\ntbtlog.txt
2016-12-24 15:30:37 ----D---- C:\Program Files\CCleaner
2016-12-24 15:30:22 ----D---- C:\ProgramData\Google
2016-12-15 20:14:29 ----A---- C:\windows\system32\mshtml.dll
2016-12-15 20:14:28 ----A---- C:\windows\SYSWOW64\mshtml.dll
2016-12-15 20:14:24 ----A---- C:\windows\system32\ieframe.dll
2016-12-15 20:14:23 ----A---- C:\windows\SYSWOW64\ieframe.dll
2016-12-15 20:14:22 ----A---- C:\windows\system32\jscript9.dll
2016-12-15 20:14:21 ----A---- C:\windows\SYSWOW64\jscript9.dll
2016-12-15 20:14:20 ----A---- C:\windows\SYSWOW64\wininet.dll
2016-12-15 20:14:20 ----A---- C:\windows\system32\wininet.dll
2016-12-15 20:14:20 ----A---- C:\windows\system32\win32k.sys
2016-12-15 20:14:20 ----A---- C:\windows\system32\msi.dll
2016-12-15 20:14:19 ----A---- C:\windows\SYSWOW64\msi.dll
2016-12-15 20:14:19 ----A---- C:\windows\system32\drivers\cng.sys
2016-12-15 20:14:19 ----A---- C:\windows\system32\clfs.sys
2016-12-15 20:14:18 ----A---- C:\windows\SYSWOW64\urlmon.dll
2016-12-15 20:14:18 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2016-12-15 20:14:18 ----A---- C:\windows\SYSWOW64\bcrypt.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\usp10.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\user32.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\iedkcs32.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\gdi32.dll
2016-12-15 20:14:18 ----A---- C:\windows\system32\consent.exe
2016-12-15 20:14:18 ----A---- C:\windows\system32\bcrypt.dll
2016-12-15 20:14:17 ----A---- C:\windows\SYSWOW64\usp10.dll
2016-12-15 20:14:17 ----A---- C:\windows\system32\urlmon.dll
2016-12-15 20:14:17 ----A---- C:\windows\system32\hlink.dll
2016-12-15 20:14:17 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2016-12-15 20:14:17 ----A---- C:\windows\system32\drivers\ksecdd.sys
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\user32.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\hlink.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\gdi32.dll
2016-12-15 20:14:16 ----A---- C:\windows\SYSWOW64\certcli.dll
2016-12-15 20:14:16 ----A---- C:\windows\system32\mshtmlmedia.dll
2016-12-15 20:14:16 ----A---- C:\windows\system32\certcli.dll
2016-12-15 20:14:15 ----A---- C:\windows\SYSWOW64\jscript.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\vbscript.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\msfeeds.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\jscript.dll
2016-12-15 20:14:15 ----A---- C:\windows\system32\iertutil.dll
2016-12-15 20:14:14 ----A---- C:\windows\SYSWOW64\vbscript.dll
2016-12-15 20:14:14 ----A---- C:\windows\SYSWOW64\iertutil.dll
2016-12-15 20:14:14 ----A---- C:\windows\system32\rpcrt4.dll
2016-12-15 20:14:14 ----A---- C:\windows\system32\ieapfltr.dll
2016-12-15 20:14:13 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2016-12-15 20:14:13 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2016-12-15 20:14:13 ----A---- C:\windows\system32\msiexec.exe
2016-12-15 20:14:13 ----A---- C:\windows\system32\ieui.dll
2016-12-15 20:14:13 ----A---- C:\windows\system32\authui.dll
2016-12-15 20:14:12 ----A---- C:\windows\SYSWOW64\msiexec.exe
2016-12-15 20:14:12 ----A---- C:\windows\system32\msihnd.dll
2016-12-15 20:14:12 ----A---- C:\windows\system32\lsasrv.dll
2016-12-15 20:14:12 ----A---- C:\windows\system32\dxtmsft.dll
2016-12-15 20:14:11 ----A---- C:\windows\SYSWOW64\rpcrt4.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\webcheck.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\msrating.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\mshtmled.dll
2016-12-15 20:14:11 ----A---- C:\windows\system32\dxtrans.dll
2016-12-15 20:14:10 ----A---- C:\windows\SYSWOW64\ieui.dll
2016-12-15 20:14:10 ----A---- C:\windows\SYSWOW64\authui.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\occache.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2016-12-15 20:14:10 ----A---- C:\windows\system32\kerberos.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\jsproxy.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\jscript9diag.dll
2016-12-15 20:14:10 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2016-12-15 20:14:10 ----A---- C:\windows\system32\appinfo.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\webcheck.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\msihnd.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2016-12-15 20:14:09 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2016-12-15 20:14:09 ----A---- C:\windows\system32\schannel.dll
2016-12-15 20:14:09 ----A---- C:\windows\system32\inseng.dll
2016-12-15 20:14:09 ----A---- C:\windows\system32\ieUnatt.exe
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\sspicli.dll
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\occache.dll
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\msrating.dll
2016-12-15 20:14:08 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2016-12-15 20:14:08 ----A---- C:\windows\system32\ncrypt.dll
2016-12-15 20:14:08 ----A---- C:\windows\system32\ieetwproxystub.dll
2016-12-15 20:14:07 ----A---- C:\windows\SYSWOW64\kerberos.dll
2016-12-15 20:14:07 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2016-12-15 20:14:07 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2016-12-15 20:14:07 ----A---- C:\windows\system32\TSpkg.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\msv1_0.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\MshtmlDac.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\iesetup.dll
2016-12-15 20:14:07 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2016-12-15 20:14:06 ----A---- C:\windows\system32\ie4uinit.exe
2016-12-15 20:14:05 ----A---- C:\windows\SYSWOW64\msv1_0.dll
2016-12-15 20:14:05 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2016-12-15 20:14:05 ----A---- C:\windows\system32\wdigest.dll
2016-12-15 20:14:05 ----A---- C:\windows\system32\sspicli.dll
2016-12-15 20:14:04 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2016-12-15 20:14:04 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-12-15 20:14:04 ----A---- C:\windows\system32\rpchttp.dll
2016-12-15 20:14:03 ----A---- C:\windows\SYSWOW64\inseng.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\wdigest.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\schannel.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\rpchttp.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\iesetup.dll
2016-12-15 20:14:02 ----A---- C:\windows\SYSWOW64\iernonce.dll
2016-12-15 20:14:02 ----A---- C:\windows\system32\sspisrv.dll
2016-12-15 20:14:02 ----A---- C:\windows\system32\iernonce.dll
2016-12-15 20:14:02 ----A---- C:\windows\system32\ieetwcollector.exe
2016-12-15 20:14:02 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2016-12-15 20:14:02 ----A---- C:\windows\system32\cryptbase.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\secur32.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\cryptbase.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\credssp.dll
2016-12-15 20:14:01 ----A---- C:\windows\SYSWOW64\auditpol.exe
2016-12-15 20:14:01 ----A---- C:\windows\system32\secur32.dll
2016-12-15 20:14:01 ----A---- C:\windows\system32\lsass.exe
2016-12-15 20:14:01 ----A---- C:\windows\system32\credssp.dll
2016-12-15 20:14:01 ----A---- C:\windows\system32\auditpol.exe
2016-12-15 20:14:00 ----A---- C:\windows\SYSWOW64\msimsg.dll
2016-12-15 20:14:00 ----A---- C:\windows\SYSWOW64\msaudite.dll
2016-12-15 20:14:00 ----A---- C:\windows\SYSWOW64\adtschema.dll
2016-12-15 20:14:00 ----A---- C:\windows\system32\msimsg.dll
2016-12-15 20:14:00 ----A---- C:\windows\system32\msaudite.dll
2016-12-15 20:14:00 ----A---- C:\windows\system32\adtschema.dll
2016-12-15 20:13:59 ----A---- C:\windows\SYSWOW64\msobjs.dll
2016-12-15 20:13:59 ----A---- C:\windows\system32\msobjs.dll
2016-12-15 20:13:59 ----A---- C:\windows\system32\ieetwcollectorres.dll
2016-12-15 20:13:58 ----A---- C:\windows\SYSWOW64\tzres.dll
2016-12-15 20:13:58 ----A---- C:\windows\system32\tzres.dll
2016-12-06 08:17:39 ----D---- C:\windows\IObit
2016-12-01 18:46:12 ----A---- C:\windows\SYSWOW64\ssinstall-uninstall.bat
2016-12-01 18:46:08 ----A---- C:\windows\SYSWOW64\ssins.exe
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\msvcr110_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\msvcr100_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\msvcp110_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\windows\SYSWOW64\aspnet_counters.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\msvcr110_clr0400.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\msvcr100_clr0400.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\msvcp110_clr0400.dll
2016-11-29 22:27:48 ----A---- C:\windows\system32\aspnet_counters.dll

======List of files/folders modified in the last 1 month======

2016-12-24 22:11:53 ----D---- C:\windows\Prefetch
2016-12-24 22:11:40 ----D---- C:\windows\Temp
2016-12-24 22:11:03 ----A---- C:\windows\SYSWOW64\log.txt
2016-12-24 22:08:01 ----D---- C:\windows\system32\config
2016-12-24 22:07:24 ----D---- C:\ProgramData\PDFC
2016-12-24 22:05:33 ----D---- C:\windows\SysWOW64
2016-12-24 22:05:20 ----D---- C:\Program Files (x86)\Google
2016-12-24 21:11:56 ----D---- C:\windows\SoftwareDistribution
2016-12-24 21:01:33 ----D---- C:\Windows
2016-12-24 21:00:38 ----HD---- C:\ProgramData
2016-12-24 16:38:10 ----D---- C:\windows\inf
2016-12-24 16:07:23 ----RD---- C:\Program Files
2016-12-24 15:38:47 ----SHD---- C:\windows\Installer
2016-12-24 15:38:45 ----SHD---- C:\System Volume Information
2016-12-24 15:34:25 ----D---- C:\Users\ProBook\AppData\Roaming\TeamViewer
2016-12-24 15:34:25 ----D---- C:\Program Files (x86)\TeamViewer
2016-12-24 15:30:46 ----D---- C:\windows\system32\Tasks
2016-12-24 15:30:36 ----RD---- C:\Program Files (x86)
2016-12-24 15:30:33 ----D---- C:\Program Files\Google
2016-12-24 15:30:32 ----SHD---- C:\Config.Msi
2016-12-24 15:30:05 ----D---- C:\ProgramData\WinZip
2016-12-24 15:27:19 ----D---- C:\Program Files (x86)\IObit
2016-12-24 15:26:32 ----D---- C:\windows\system32\drivers
2016-12-24 15:09:45 ----D---- C:\swsetup
2016-12-23 21:13:54 ----D---- C:\windows\winsxs
2016-12-23 21:11:00 ----D---- C:\windows\system32\catroot2
2016-12-23 20:58:13 ----SHD---- C:\boot
2016-12-23 20:48:49 ----D---- C:\windows\Tasks
2016-12-23 20:39:31 ----D---- C:\Users\ProBook\AppData\Roaming\IObit
2016-12-23 20:35:31 ----D---- C:\windows\Minidump
2016-12-23 19:29:21 ----D---- C:\ProgramData\ProductData
2016-12-22 15:07:13 ----D---- C:\Users\ProBook\AppData\Roaming\SoftGrid Client
2016-12-21 20:16:11 ----D---- C:\windows\debug
2016-12-16 18:30:05 ----D---- C:\windows\rescache
2016-12-16 08:37:42 ----D---- C:\windows\Microsoft.NET
2016-12-16 08:03:19 ----RSD---- C:\windows\assembly
2016-12-16 07:44:47 ----D---- C:\Program Files\Internet Explorer
2016-12-16 07:44:45 ----D---- C:\windows\SYSWOW64\en-US
2016-12-16 07:44:45 ----D---- C:\windows\SYSWOW64\cs-CZ
2016-12-16 07:44:45 ----D---- C:\Program Files (x86)\Internet Explorer
2016-12-16 07:44:42 ----D---- C:\windows\system32\cs-CZ
2016-12-16 07:44:41 ----D---- C:\windows\system32\en-US
2016-12-16 07:44:41 ----D---- C:\windows\System32
2016-12-15 23:32:58 ----D---- C:\windows\system32\MRT
2016-12-15 23:29:55 ----AC---- C:\windows\system32\MRT.exe
2016-12-15 23:28:09 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2016-12-15 23:27:58 ----A---- C:\windows\system32\PerfStringBackup.INI
2016-12-15 09:26:16 ----D---- C:\ProgramData\IObit
2016-12-13 00:39:09 ----D---- C:\Users\ProBook\AppData\Roaming\WinTrack
2016-12-07 09:32:47 ----A---- C:\windows\SYSWOW64\libeay32.dll
2016-12-01 18:46:12 ----A---- C:\windows\SYSWOW64\ssleay32.dll
2016-12-01 16:49:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-11-30 10:45:09 ----D---- C:\windows\ModemLogs
2016-11-30 09:34:38 ----D---- C:\windows\system32\catroot
2016-11-30 09:34:12 ----D---- C:\Program Files\Microsoft Security Client
2016-11-30 09:34:11 ----D---- C:\Program Files (x86)\Microsoft Security Client
2016-11-27 08:54:11 ----D---- C:\windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\windows\system32\DRIVERS\amdkmpfd.sys [2012-03-20 32896]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2012-09-07 31040]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iaStor.sys [2012-02-02 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
R0 MfeEpeOpal;MfeEpeOpal; C:\windows\system32\drivers\MfeEpeOpal.sys [2013-03-27 91432]
R0 MfeEpePc;MfeEpePc; C:\windows\system32\drivers\MfeEpePc.sys [2013-03-27 158760]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-03-18 26528]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2012-09-07 43328]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2014-12-10 16752640]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2014-12-10 584192]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2013-09-25 89800]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2012-12-20 3837440]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2013-09-25 338120]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2013-09-25 116424]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus; C:\windows\system32\DRIVERS\btath_bus.sys [2013-09-25 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\windows\system32\DRIVERS\btath_hcrp.sys [2013-09-25 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2013-09-25 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\windows\system32\DRIVERS\btath_rcp.sys [2013-09-25 137928]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2013-09-25 590024]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2012-04-17 80384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 90112]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-03-26 14748416]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2013-11-20 176880]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2013-11-06 62784]
R3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2013-06-12 708200]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2014-10-08 766632]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2014-10-08 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2014-10-08 29352]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2014-10-08 23208]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2013-06-12 1064184]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\windows\system32\DRIVERS\stwrt64.sys [2013-06-12 543744]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2013-12-18 549104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 MBAMChameleon;MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys []
S3 BthMtpEnum;Modul pro výčet zařízení Bluetooth MTP; C:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 64512]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2012-01-31 64312]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\windows\system32\DRIVERS\ewdcsc.sys [2010-10-08 32768]
S3 huawei_cdcacm;huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 30720]
S3 huawei_wwanecm;huawei_wwanecm; C:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 238080]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2011-12-31 225920]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys []
S3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd64.sys [2012-03-26 14748416]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3hub.sys [2013-06-12 358456]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2013-06-12 791608]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2014-12-10 239616]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-09-25 312448]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-04-28 493904]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
R2 HPFSService;File Sanitizer for HP ProtectTools; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-08-07 378488]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2013-10-16 681760]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2012-09-07 33600]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-03-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-11-06 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-11-06 165336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-11-06 279000]
R2 MbnExt;Mobile Broadband Extension Service; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2013-03-27 1327104]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-07-18 1143432]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-08 534184]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2013-06-12 327680]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-09-20 7500048]
R2 uArcCapture;ArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-11-06 366040]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2012-03-20 2694224]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2015-04-28 1102472]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-08 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05 154440]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-08-15 29728]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-10-09 2934048]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09 270016]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-26 276248]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\windows\SysWOW64\flcdlock.exe [2012-04-27 477056]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05 154440]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-12-24 194032]
S3 hpCMSrv;HP Connection Manager 4 Service; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2013-10-31 1421112]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2016-11-12 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-23 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]

-----------------EOF-----------------

Smazáno. Nevím, o který program se jedná. Co se zobrazí, když kliknete na "Zobrazit zprávu"?

Právě že nic otevře se jen prázdné okno s nápisem "vrátit změny" které se hned zavře...

Zkuste obnovu systému k datu, kdy korketně fungoval.

Zkusím. Děkuji moc za pomoc. Pěkné svátky....

Hezký zbytek svátků i vám a nemáte zač!