VIRY.CZ

Zdravim potreboval by som poradit alebo vyliecit pc.. kolega tam nemal antivirak a zacalo mu v prehliadaci hadzat webovu stranku qtipr + sa preukazalo spomalenie... Pripajam log z RSIT . Vdaka za odpoved

Logfile of random's system information tool 1.10 (written by random/random)
Run by Andrej at 2017-01-12 18:53:37
Microsoft Windows 8.1
System drive C: has 113 GB (74%) free of 152 GB
Total RAM: 2551 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:42, on 12.1.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Andrej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKCU\..\Run: [Google Update] C:\Users\Andrej\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Advanced SystemCare 9] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [svchost0] "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Odoslanie do programu OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Advanced SystemCare Service 9 (AdvancedSystemCareService9) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6673 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
"dwm.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskhostex.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe" /Task
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
C:\Windows\Explorer.EXE
dashost.exe {ece32dee-19a1-43cf-9bdbfdba67ebce15}
taskeng.exe {903E3ABF-65E9-47E2-9628-F6E3C8AC739C}
"C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
"C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe" 1 38
"C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe" 1 36
"C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe" 1 37
C:\Windows\SysWOW64\svchost.exe -k LocalMediaService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe"
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
taskhost.exe $(Arg0)
"C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe" 1 13
"C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe" 1 11
"C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.18471_x64__8wekyb3d8bbwe\glcnd.exe" -ServerName:Microsoft.Reader.AppXtszmc7avrx02s7n8gch63tzwg517wd9k.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-032687be-bc2e-4050-b3b5-33c616d8c4a9 -SystemEventPortName:HostProcess-31024118-e5ca-4b02-b3d2-9eaf275b0185 -IoCancelEventPortName:HostProcess-c38dec95-d2c7-4518-8799-5fc3f8c54643 -NonStateChangingEventPortName:HostProcess-3785d47b-31eb-48d6-8c61-75682ac9a4cc -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5c7090cc-bcad-42e9-9e62-c92f262d6a09 -DeviceGroupId:WpdFsGroup
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\Andrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://qtipr.com/
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Andrej\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0x1a0
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3696 --on-initialized-event-handle=604 --parent-handle=432 /prefetch:6
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=B0D26D62266A578F7436AAF5EF7F994D --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=B0D26D62266A578F7436AAF5EF7F994D --mojo-platform-channel-handle=3324 /prefetch:1
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=9045FEE4ADB4C13242A87035FCB45367 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=9045FEE4ADB4C13242A87035FCB45367 --mojo-platform-channel-handle=2696 /prefetch:1
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-d3d11 --disable-direct-composition --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1" --gpu-driver-bug-workarounds=6,14,16,17,18,21,37,54,65 --gpu-vendor-id=0x8086 --gpu-device-id=0x2972 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2697 --gpu-driver-date=10-1-2012 --service-request-channel-token=360541D0D5562A1444D398941C895B5D --mojo-platform-channel-handle=3508 --ignored=" --type=renderer " /prefetch:2
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=E824A3314AE99DA656219BD3F34A1F04 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=E824A3314AE99DA656219BD3F34A1F04 --mojo-platform-channel-handle=5760 /prefetch:1
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=F19609B317BC46BCDE107E472BF5C561 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=F19609B317BC46BCDE107E472BF5C561 --mojo-platform-channel-handle=6356 /prefetch:1
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=9AE1389B20E561EFADFAAB428029C1E9 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=9AE1389B20E561EFADFAAB428029C1E9 --mojo-platform-channel-handle=7072 /prefetch:1
"C:\Users\Andrej\Downloads\FRST64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=CF928CA3BD83268D3BC92EEAE0B0EB7B --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=CF928CA3BD83268D3BC92EEAE0B0EB7B --mojo-platform-channel-handle=4128 /prefetch:1
"C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe" 1 12
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 568 572 580 65536 576
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=45629697C0F28D67F7D54DDA927E6E30 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=45629697C0F28D67F7D54DDA927E6E30 --mojo-platform-channel-handle=3756 /prefetch:1

"C:\Users\Andrej\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\ASC9_SkipUac_Andrej.job - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac
C:\Windows\tasks\Traffic Exchange Updater.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe /silentall -nofreqcheck
C:\Windows\tasks\Traffic Exchange v2 Guard.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe 1 37
C:\Windows\tasks\Traffic Exchange v2 Guardian.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe 1 38
C:\Windows\tasks\Traffic Exchange v2.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe 1 36
C:\Windows\tasks\Uninstaller_SkipUac_Andrej.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12 2472224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Andrej\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [2016-12-20 601752]
"Advanced SystemCare 9"=C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2016-01-11 2019616]
"svchost0"=C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe\UUC0789.exe []

C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odoslanie do programu OneNote.lnk - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A52449C2-D3F5-11E6-8EE3-64006A5CFC35}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-12 18:53:37 ----D---- C:\rsit
2017-01-12 18:53:37 ----D---- C:\Program Files\trend micro
2017-01-12 18:38:12 ----D---- C:\FRST
2017-01-12 17:37:27 ----D---- C:\ProgramData\Emsisoft
2017-01-12 17:35:32 ----D---- C:\Program Files\Emsisoft Anti-Malware
2017-01-11 22:27:02 ----D---- C:\ProgramData\ESET
2017-01-11 22:27:02 ----D---- C:\Program Files\ESET
2017-01-11 20:34:26 ----N---- C:\Windows\system32\MpSigStub.exe
2017-01-11 20:27:41 ----D---- C:\Users\Andrej\AppData\Roaming\Identities
2017-01-11 19:42:51 ----D---- C:\Windows\AutoKMS
2017-01-11 19:10:03 ----D---- C:\Program Files (x86)\ContentPush
2017-01-11 19:08:09 ----D---- C:\Program Files\SaFiPlayer
2017-01-11 19:07:05 ----A---- C:\Windows\system32\drivers\KuaiZipDrive.sys
2017-01-11 19:07:04 ----D---- C:\Users\Andrej\AppData\Roaming\Softlink
2017-01-11 19:07:04 ----D---- C:\Users\Andrej\AppData\Roaming\KuaiZip
2017-01-11 19:07:02 ----D---- C:\ProgramData\Microleaves
2017-01-11 19:06:51 ----D---- C:\Program Files\żěŃą
2017-01-11 19:04:30 ----D---- C:\Program Files (x86)\Microleaves
2017-01-11 19:03:49 ----D---- C:\Users\Andrej\AppData\Roaming\Microleaves
2017-01-11 19:03:48 ----D---- C:\ProgramData\Avira
2017-01-11 19:03:48 ----D---- C:\ProgramData\Avg
2017-01-11 19:03:48 ----D---- C:\ProgramData\AVAST Software
2017-01-11 19:03:39 ----D---- C:\Program Files (x86)\Hutghckapy Community
2017-01-11 19:03:16 ----D---- C:\Users\Andrej\AppData\Roaming\Prernck
2017-01-11 19:03:14 ----D---- C:\Users\Andrej\AppData\Roaming\Profiles
2017-01-11 19:03:12 ----D---- C:\Program Files (x86)\Thoqerpyjokither
2016-12-13 17:11:08 ----A---- C:\Windows\system32\drivers\epfwwfpr.sys
2016-12-13 17:11:08 ----A---- C:\Windows\system32\drivers\ehdrv.sys
2016-12-13 17:11:08 ----A---- C:\Windows\system32\drivers\eelam.sys
2016-12-13 17:11:08 ----A---- C:\Windows\system32\drivers\eamonm.sys

======List of files/folders modified in the last 1 month======

2017-01-12 18:53:37 ----RD---- C:\Program Files
2017-01-12 18:53:31 ----D---- C:\Windows\Temp
2017-01-12 18:52:05 ----RD---- C:\Windows\System32
2017-01-12 18:52:05 ----A---- C:\Windows\SYSWOW64\slmgr.vbs
2017-01-12 18:52:05 ----A---- C:\Windows\system32\slmgr.vbs
2017-01-12 18:50:25 ----D---- C:\Windows\Prefetch
2017-01-12 18:42:46 ----D---- C:\Windows
2017-01-12 18:39:18 ----SD---- C:\Users\Andrej\AppData\Roaming\Microsoft
2017-01-12 18:35:11 ----D---- C:\Windows\system32\Tasks
2017-01-12 18:34:52 ----D---- C:\Windows\Tasks
2017-01-12 18:33:08 ----D---- C:\Windows\Inf
2017-01-12 18:33:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-12 18:24:01 ----D---- C:\Windows\Microsoft.NET
2017-01-12 18:00:03 ----D---- C:\Windows\system32\sru
2017-01-12 17:50:38 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-01-12 17:37:27 ----HD---- C:\ProgramData
2017-01-11 22:28:22 ----SHD---- C:\Windows\Installer
2017-01-11 22:28:22 ----D---- C:\Windows\system32\DriverStore
2017-01-11 22:28:22 ----AD---- C:\Windows\system32\drivers
2017-01-11 22:28:08 ----HD---- C:\Windows\ELAMBKUP
2017-01-11 22:25:28 ----SHD---- C:\System Volume Information
2017-01-11 22:25:28 ----D---- C:\Windows\Logs
2017-01-11 20:30:56 ----D---- C:\Windows\SoftwareDistribution
2017-01-11 20:27:08 ----D---- C:\Windows\system32\catroot2
2017-01-11 20:26:35 ----D---- C:\Windows\debug
2017-01-11 20:26:23 ----RD---- C:\Program Files (x86)
2017-01-11 20:08:33 ----SD---- C:\ProgramData\Microsoft
2017-01-11 19:13:08 ----D---- C:\Windows\system32\config
2017-01-11 19:11:41 ----SHD---- C:\$Recycle.Bin
2017-01-11 19:11:41 ----D---- C:\Windows\SysWOW64
2017-01-11 19:11:23 ----D---- C:\Windows\system32\GroupPolicy
2017-01-11 19:03:48 ----D---- C:\Program Files (x86)\IObit
2017-01-11 19:03:48 ----D---- C:\Program Files (x86)\Common Files
2017-01-10 18:49:52 ----D---- C:\ProgramData\ProductData
2016-12-23 14:22:19 ----D---- C:\Windows\AppReadiness

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-12-13 132272]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-12-13 180544]
R1 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2016-12-13 70960]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 KuaiZipDrive;KuaiZipDrive; \??\C:\Windows\system32\drivers\KuaiZipDrive.sys [2017-01-11 92832]
R3 AtcL001;@netl160a.inf,%AtcL001.Service.DispName%;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [2013-06-18 65024]
R3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwnx.sys [2013-06-18 3680256]
R3 dtldrvhelp;dtldrvhelp; \??\c:\program files\safiplayer\dtldrvhelp64.sys [2016-12-29 58960]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-23 6192640]
R3 MTsensor;@oem3.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2013-05-17 17280]
R3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;UMDF Reflector service for LocationProvider; C:\Windows\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]
R3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]
S0 eelam;eelam; C:\Windows\system32\DRIVERS\eelam.sys [2016-12-13 15488]
S1 ucdrv;ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys []
S3 cpuz138;cpuz138; \??\C:\Users\Andrej\AppData\Local\Temp\cpuz138\cpuz138_x64.sys []
S3 dot4;@oem6.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem7.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\Windows\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem6.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-08-22 121088]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService9;Advanced SystemCare Service 9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [2016-01-05 446240]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2016-12-14 2836296]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2016-01-14 2945312]
R2 SaFiSvc;Local Media Service; C:\Windows\System32\svchost.exe [2013-08-22 37768]
S2 KuaizipUpdateChecker;KuaizipUpdateChecker; C:\Windows\System32\svchost.exe [2013-08-22 37768]
S2 Staoty;Staoty; C:\Windows\system32\svchost.exe [2013-08-22 37768]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 178760]

-----------------EOF-----------------

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Posielam log z adw


# AdwCleaner v6.042 - *Logfile created 12/01/2017 *at 19:14:11
# *Updated on 06/01/2017 by Malwarebytes
# *Database : 2017-01-11.1 [*Server]
# *Operating System : Windows 8.1 (X64)
# *Username : Andrej - ANDY
# *Running from : C:\Users\Andrej\Desktop\adwcleaner_6.042.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support



***** [ *Services ] *****

[-] *Service deleted: KuaiZipDrive
[-] *Service deleted: KuaizipUpdateChecker
[-] *Service deleted: ucdrv
[-] *Service deleted: SaFiSvc
[-] *Service deleted: dtldrvhelp


***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\Andrej\AppData\Roaming\Kuaizip
[-] *Folder deleted: C:\Users\Andrej\AppData\Roaming\Softlink
[-] *Folder deleted: C:\Users\Andrej\AppData\Roaming\Microleaves
[-] *Folder deleted: C:\Program Files\SaFiPlayer
[-] *Folder deleted: C:\ProgramData\Microleaves
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\Microleaves
[-] *Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaFiPlayer
[-] *Folder deleted: C:\Program Files (x86)\ContentPush
[#] *Folder deleted on reboot: C:\Program Files (x86)\Microleaves


***** [ *Files ] *****

[-] *File deleted: C:\Windows\SysNative\drivers\KuaiZipDrive.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****

[-] *Shortcut disinfected: C:\Users\Andrej\Desktop\Google Chrome.lnk
[-] *Shortcut disinfected: C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] *Shortcut disinfected: C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] *Shortcut disinfected: C:\Users\Andrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] *Shortcut disinfected: C:\Users\Andrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] *Shortcut disinfected: C:\Users\Andrej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk


***** [ *Scheduled Tasks ] *****

[-] *Task deleted: PPI Update
[-] *Task deleted: Traffic Exchange Guardian
[-] *Task deleted: Traffic Exchange v2
[-] *Task deleted: Traffic Exchange Updater
[-] *Task deleted: Traffic Exchange
[-] *Task deleted: Traffic Exchange v2 Guard
[-] *Task deleted: Traffic Exchange v2 Guardian
[-] *Task deleted: Traffic Exchange Guard


***** [ *Registry ] *****

[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.001
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.002
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.003
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.004
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.005
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.006
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.007
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.008
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.009
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.01
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.010
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.011
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.012
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.013
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.014
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.015
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.016
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.017
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.018
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.019
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.02
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.020
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.021
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.022
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.023
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.024
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.025
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.026
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.027
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.028
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.029
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.03
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.030
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.031
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.032
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.033
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.034
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.035
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.036
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.037
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.038
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.039
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.04
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.040
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.041
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.042
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.043
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.044
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.045
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.046
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.047
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.048
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.049
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.05
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.050
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.051
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.052
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.053
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.054
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.055
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.056
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.057
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.058
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.059
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.06
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.060
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.061
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.062
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.063
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.064
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.065
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.066
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.067
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.068
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.069
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.07
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.070
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.071
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.072
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.073
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.074
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.075
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.076
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.077
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.078
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.079
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.08
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.080
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.081
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.082
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.083
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.084
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.085
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.086
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.087
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.088
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.089
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.09
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.090
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.091
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.092
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.093
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.094
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.095
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.096
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.097
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.098
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.099
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.7z
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.arj
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.bz2
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.cab
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.gz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.gzip
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.jar
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.kz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.lzh
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.mou
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.rar
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.rpm
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tar
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tbz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tgz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.wim
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.z
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.zip
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.001
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.002
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.003
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.004
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.005
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.006
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.007
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.008
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.009
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.01
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.010
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.011
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.012
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.013
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.014
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.015
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.016
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.017
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.018
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.019
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.02
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.020
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.021
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.022
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.023
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.024
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.025
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.026
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.027
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.028
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.029
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.03
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.030
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.031
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.032
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.033
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.034
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.035
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.036
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.037
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.038
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.039
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.04
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.040
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.041
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.042
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.043
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.044
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.045
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.046
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.047
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.048
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.049
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.05
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.050
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.051
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.052
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.053
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.054
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.055
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.056
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.057
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.058
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.059
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.06
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.060
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.061
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.062
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.063
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.064
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.065
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.066
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.067
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.068
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.069
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.07
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.070
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.071
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.072
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.073
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.074
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.075
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.076
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.077
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.078
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.079
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.08
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.080
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.081
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.082
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.083
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.084
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.085
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.086
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.087
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.088
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.089
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.09
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.090
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.091
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.092
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.093
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.094
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.095
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.096
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.097
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.098
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.099
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.7z
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.arj
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.bz2
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.cab
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gz
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gzip
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.jar
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.kz
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.lzh
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.mou
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rar
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rpm
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tar
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tbz
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tgz
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.wim
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.z
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.zip
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}
[-] *Key deleted: HKU\.DEFAULT\Software\b`nl{y
[-] *Key deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\Installer
[-] *Key deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\UCBrowserPID
[-] *Key deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\AutoTime
[-] *Key deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\KuaiZip
[-] *Key deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\SNDA
[-] *Key deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\KuaiZipSFX
[-] *Key deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\SaFiPlayer
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\b`nl{y
[#] *Key deleted on reboot: HKCU\Software\Installer
[#] *Key deleted on reboot: HKCU\Software\UCBrowserPID
[#] *Key deleted on reboot: HKCU\Software\AutoTime
[#] *Key deleted on reboot: HKCU\Software\KuaiZip
[#] *Key deleted on reboot: HKCU\Software\SNDA
[#] *Key deleted on reboot: HKCU\Software\KuaiZipSFX
[#] *Key deleted on reboot: HKCU\Software\SaFiPlayer
[-] *Key deleted: HKLM\SOFTWARE\UCBrowserPID
[-] *Key deleted: HKLM\SOFTWARE\youndooSoftware
[-] *Key deleted: HKLM\SOFTWARE\b`nl{y
[-] *Key deleted: HKLM\SOFTWARE\Microleaves
[-] *Key deleted: HKLM\SOFTWARE\SaFiPlayer
[#] *Key deleted on reboot: [x64] HKCU\Software\Installer
[#] *Key deleted on reboot: [x64] HKCU\Software\UCBrowserPID
[#] *Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] *Key deleted on reboot: [x64] HKCU\Software\KuaiZip
[#] *Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] *Key deleted on reboot: [x64] HKCU\Software\KuaiZipSFX
[#] *Key deleted on reboot: [x64] HKCU\Software\SaFiPlayer
[-] *Key deleted: [x64] HKLM\SOFTWARE\UCBrowser
[-] *Key deleted: [x64] HKLM\SOFTWARE\b`nl{y
[-] *Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] *Value deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [msiql]
[-] *Value deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\Microsoft\Windows\CurrentVersion\Run [svchost0]
[-] *Value deleted: HKU\S-1-5-21-3774827667-4058204309-1119026378-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [svchost0]
[#] *Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [svchost0]
[#] *Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [svchost0]
[-] *Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] *Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] *Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] *Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt


***** [ *Browsers ] *****



*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [23973 *Bytes] - [12/01/2017 19:14:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [21383 *Bytes] - [12/01/2017 19:12:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [24123 *Bytes] ##########

Dejte nový log RSIT.

Novy log z rsit

Logfile of random's system information tool 1.10 (written by random/random)
Run by Andrej at 2017-01-15 17:40:44
Microsoft Windows 8.1
System drive C: has 112 GB (73%) free of 152 GB
Total RAM: 2551 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:40:47, on 15.1.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\trend micro\Andrej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL
O4 - HKCU\..\Run: [Google Update] C:\Users\Andrej\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Advanced SystemCare 9] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Odoslanie do programu OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Advanced SystemCare Service 9 (AdvancedSystemCareService9) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6510 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
"dwm.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
dashost.exe {cefe0ddc-eb1e-4401-98a598809fef36e1}
"C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe" /Task
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe"
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\Andrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://qtipr.com/
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Andrej\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0x12c
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1624 --on-initialized-event-handle=504 --parent-handle=500 /prefetch:6
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/*DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=322A7B8BA852839525EA970E610F3F57 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=322A7B8BA852839525EA970E610F3F57 --mojo-platform-channel-handle=3016 /prefetch:1
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/*DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-d3d11 --disable-direct-composition --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1" --gpu-driver-bug-workarounds=6,14,16,17,18,21,37,54,65 --gpu-vendor-id=0x8086 --gpu-device-id=0x2972 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2697 --gpu-driver-date=10-1-2012 --service-request-channel-token=E46BC8546B35B3EE9939DC67D9EA6DA8 --mojo-platform-channel-handle=5216 --ignored=" --type=renderer " /prefetch:2
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/*DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=B9E088721C79C6CD04D6EAAFFDDF6270 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=B9E088721C79C6CD04D6EAAFFDDF6270 --mojo-platform-channel-handle=4140 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 568 572 580 65536 576
taskhost.exe $(Arg0)

C:\Windows\WinStore\WSHost.exe -Embedding
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Andrej\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\ASC9_SkipUac_Andrej.job - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac
C:\Windows\tasks\Uninstaller_SkipUac_Andrej.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12 2472224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Andrej\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [2016-12-20 601752]
"Advanced SystemCare 9"=C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2016-01-11 2019616]

C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odoslanie do programu OneNote.lnk - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A52449C2-D3F5-11E6-8EE3-64006A5CFC35}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-15 17:25:41 ----ASH---- C:\pagefile.sys
2017-01-12 19:53:24 ----D---- C:\Windows\PCHEALTH
2017-01-12 19:51:11 ----D---- C:\Program Files\Microsoft Office
2017-01-12 19:50:57 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2017-01-12 19:50:21 ----D---- C:\Program Files (x86)\Microsoft Office
2017-01-12 19:50:11 ----RHD---- C:\MSOCache
2017-01-12 19:43:10 ----SHD---- C:\Config.Msi
2017-01-12 19:09:23 ----D---- C:\AdwCleaner
2017-01-12 19:02:11 ----D---- C:\Users\Andrej\AppData\Roaming\Macromedia
2017-01-12 18:53:37 ----D---- C:\rsit
2017-01-12 18:53:37 ----D---- C:\Program Files\trend micro
2017-01-12 17:37:27 ----D---- C:\ProgramData\Emsisoft
2017-01-12 17:35:32 ----D---- C:\Program Files\Emsisoft Anti-Malware
2017-01-11 22:27:02 ----D---- C:\ProgramData\ESET
2017-01-11 22:27:02 ----D---- C:\Program Files\ESET
2017-01-11 20:34:26 ----N---- C:\Windows\system32\MpSigStub.exe
2017-01-11 20:27:41 ----D---- C:\Users\Andrej\AppData\Roaming\Identities
2017-01-11 19:42:51 ----D---- C:\Windows\AutoKMS
2017-01-11 19:06:51 ----D---- C:\Program Files\żěŃą
2017-01-11 19:04:30 ----D---- C:\Program Files (x86)\Microleaves
2017-01-11 19:03:48 ----D---- C:\ProgramData\Avira
2017-01-11 19:03:48 ----D---- C:\ProgramData\Avg
2017-01-11 19:03:48 ----D---- C:\ProgramData\AVAST Software
2017-01-11 19:03:16 ----D---- C:\Users\Andrej\AppData\Roaming\Prernck
2017-01-11 19:03:14 ----D---- C:\Users\Andrej\AppData\Roaming\Profiles

======List of files/folders modified in the last 1 month======

2017-01-15 17:40:29 ----D---- C:\Windows\Prefetch
2017-01-15 17:39:40 ----RD---- C:\Windows\System32
2017-01-15 17:39:40 ----D---- C:\Windows\Inf
2017-01-15 17:39:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-15 17:36:05 ----D---- C:\Windows\system32\config
2017-01-15 17:35:58 ----A---- C:\Windows\SYSWOW64\slmgr.vbs
2017-01-15 17:35:58 ----A---- C:\Windows\system32\slmgr.vbs
2017-01-15 17:34:07 ----D---- C:\Windows\Temp
2017-01-15 17:25:40 ----D---- C:\Windows
2017-01-15 17:15:10 ----D---- C:\Windows\system32\sru
2017-01-12 20:12:42 ----RD---- C:\Program Files (x86)
2017-01-12 20:06:17 ----SHD---- C:\Windows\Installer
2017-01-12 20:06:10 ----RD---- C:\Windows\assembly
2017-01-12 20:05:16 ----D---- C:\Windows\ShellNew
2017-01-12 20:05:14 ----D---- C:\ProgramData\Microsoft Help
2017-01-12 20:01:08 ----SHD---- C:\System Volume Information
2017-01-12 19:55:48 ----D---- C:\Windows\WinSxS
2017-01-12 19:54:51 ----D---- C:\Windows\SysWOW64
2017-01-12 19:54:36 ----RSD---- C:\Windows\Fonts
2017-01-12 19:54:11 ----D---- C:\Program Files (x86)\Common Files
2017-01-12 19:53:24 ----D---- C:\Program Files (x86)\Microsoft.NET
2017-01-12 19:52:25 ----D---- C:\Windows\system32\Tasks
2017-01-12 19:52:05 ----D---- C:\Program Files\Common Files\microsoft shared
2017-01-12 19:52:03 ----SD---- C:\ProgramData\Microsoft
2017-01-12 19:51:11 ----RD---- C:\Program Files
2017-01-12 19:51:08 ----A---- C:\Windows\win.ini
2017-01-12 19:48:05 ----D---- C:\Windows\Microsoft.NET
2017-01-12 19:46:56 ----D---- C:\Program Files\Common Files
2017-01-12 19:46:54 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2017-01-12 19:44:29 ----D---- C:\Program Files\Common Files\System
2017-01-12 19:40:45 ----D---- C:\Windows\Tasks
2017-01-12 19:13:12 ----AD---- C:\Windows\system32\drivers
2017-01-12 19:13:09 ----HD---- C:\ProgramData
2017-01-12 18:39:18 ----SD---- C:\Users\Andrej\AppData\Roaming\Microsoft
2017-01-11 22:28:22 ----D---- C:\Windows\system32\DriverStore
2017-01-11 22:28:08 ----HD---- C:\Windows\ELAMBKUP
2017-01-11 22:25:28 ----D---- C:\Windows\Logs
2017-01-11 20:30:56 ----D---- C:\Windows\SoftwareDistribution
2017-01-11 20:27:08 ----D---- C:\Windows\system32\catroot2
2017-01-11 20:26:35 ----D---- C:\Windows\debug
2017-01-11 19:11:41 ----SHD---- C:\$Recycle.Bin
2017-01-11 19:11:23 ----D---- C:\Windows\system32\GroupPolicy
2017-01-11 19:03:48 ----D---- C:\Program Files (x86)\IObit
2017-01-10 18:49:52 ----D---- C:\ProgramData\ProductData
2016-12-23 14:22:19 ----D---- C:\Windows\AppReadiness

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-12-13 132272]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-12-13 180544]
R1 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2016-12-13 70960]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R3 AtcL001;@netl160a.inf,%AtcL001.Service.DispName%;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [2013-06-18 65024]
R3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwnx.sys [2013-06-18 3680256]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-23 6192640]
R3 MTsensor;@oem3.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2013-05-17 17280]
S0 eelam;eelam; C:\Windows\system32\DRIVERS\eelam.sys [2016-12-13 15488]
S3 cpuz138;cpuz138; \??\C:\Users\Andrej\AppData\Local\Temp\cpuz138\cpuz138_x64.sys []
S3 dot4;@oem6.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem7.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\Windows\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem6.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-08-22 121088]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]
S3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;UMDF Reflector service for LocationProvider; C:\Windows\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]
S3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService9;Advanced SystemCare Service 9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [2016-01-05 446240]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2016-12-14 2836296]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2016-01-14 2945312]
S2 Staoty;Staoty; C:\Windows\system32\svchost.exe [2013-08-22 37768]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

-----------------EOF-----------------

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Windows\AutoKMS

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A52449C2-D3F5-11E6-8EE3-64006A5CFC35}"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Andrej at 2017-01-15 19:49:10
Microsoft Windows 8.1
System drive C: has 109 GB (72%) free of 152 GB
Total RAM: 2551 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:49:13, on 15.1.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Andrej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL
O4 - HKCU\..\Run: [Google Update] C:\Users\Andrej\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Advanced SystemCare 9] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Odoslanie do programu OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Advanced SystemCare Service 9 (AdvancedSystemCareService9) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6522 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
"dwm.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
taskhostex.exe
dashost.exe {4abf0b60-e26e-41b2-a08c6c0174d24b4d}
"C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe" /Task
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe"

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
notepad "C:\Users\Andrej\Desktop\FRST.txt"
notepad "C:\Users\Andrej\Desktop\Addition.txt"
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\Andrej\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://qtipr.com/
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Andrej\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0x130
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2252 --on-initialized-event-handle=316 --parent-handle=484 /prefetch:6
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=79313AB8CFF667992EF25A222469A3DA --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --service-request-channel-token=79313AB8CFF667992EF25A222469A3DA --mojo-platform-channel-handle=2480 /prefetch:1
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=AFA27D76CEA0FD8F0E39F9868F00C865 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=AFA27D76CEA0FD8F0E39F9868F00C865 --mojo-platform-channel-handle=5040 /prefetch:1
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-databases --primordial-pipe-token=A30088A6B49F028E30B837898488A393 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=A30088A6B49F028E30B837898488A393 --mojo-platform-channel-handle=5808 /prefetch:1
"C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledBandwidthResumption/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_40/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --disable-d3d11 --disable-direct-composition --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1" --gpu-driver-bug-workarounds=6,14,16,17,18,21,37,54,65 --gpu-vendor-id=0x8086 --gpu-device-id=0x2972 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2697 --gpu-driver-date=10-1-2012 --service-request-channel-token=FEAA79B457F5311DCA65706937008980 --mojo-platform-channel-handle=5440 --ignored=" --type=renderer " /prefetch:2
taskhost.exe $(Arg0)

C:\Windows\WinStore\WSHost.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Andrej\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\ASC9_SkipUac_Andrej.job - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac
C:\Windows\tasks\Uninstaller_SkipUac_Andrej.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12 2472224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Andrej\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [2016-12-20 601752]
"Advanced SystemCare 9"=C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2016-01-11 2019616]

C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odoslanie do programu OneNote.lnk - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A52449C2-D3F5-11E6-8EE3-64006A5CFC35}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-15 19:42:08 ----D---- C:\FRST
2017-01-15 19:39:39 ----D---- C:\_OTM
2017-01-15 17:25:41 ----ASH---- C:\pagefile.sys
2017-01-12 19:53:24 ----D---- C:\Windows\PCHEALTH
2017-01-12 19:51:11 ----D---- C:\Program Files\Microsoft Office
2017-01-12 19:50:57 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2017-01-12 19:50:21 ----D---- C:\Program Files (x86)\Microsoft Office
2017-01-12 19:50:11 ----RHD---- C:\MSOCache
2017-01-12 19:43:10 ----SHD---- C:\Config.Msi
2017-01-12 19:09:23 ----D---- C:\AdwCleaner
2017-01-12 19:02:11 ----D---- C:\Users\Andrej\AppData\Roaming\Macromedia
2017-01-12 18:53:37 ----D---- C:\rsit
2017-01-12 18:53:37 ----D---- C:\Program Files\trend micro
2017-01-12 17:37:27 ----D---- C:\ProgramData\Emsisoft
2017-01-12 17:35:32 ----D---- C:\Program Files\Emsisoft Anti-Malware
2017-01-11 22:27:02 ----D---- C:\ProgramData\ESET
2017-01-11 22:27:02 ----D---- C:\Program Files\ESET
2017-01-11 20:34:26 ----N---- C:\Windows\system32\MpSigStub.exe
2017-01-11 20:27:41 ----D---- C:\Users\Andrej\AppData\Roaming\Identities
2017-01-11 19:06:51 ----D---- C:\Program Files\żěŃą
2017-01-11 19:04:30 ----D---- C:\Program Files (x86)\Microleaves
2017-01-11 19:03:48 ----D---- C:\ProgramData\Avira
2017-01-11 19:03:48 ----D---- C:\ProgramData\Avg
2017-01-11 19:03:48 ----D---- C:\ProgramData\AVAST Software
2017-01-11 19:03:16 ----D---- C:\Users\Andrej\AppData\Roaming\Prernck
2017-01-11 19:03:14 ----D---- C:\Users\Andrej\AppData\Roaming\Profiles

======List of files/folders modified in the last 1 month======

2017-01-15 19:44:44 ----RD---- C:\Windows\System32
2017-01-15 19:44:44 ----D---- C:\Windows\Inf
2017-01-15 19:44:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-15 19:44:25 ----D---- C:\Windows\Temp
2017-01-15 19:44:25 ----D---- C:\Windows\Prefetch
2017-01-15 19:44:07 ----D---- C:\Windows
2017-01-15 19:41:11 ----A---- C:\Windows\system32\slmgr.vbs
2017-01-15 19:41:10 ----A---- C:\Windows\SYSWOW64\slmgr.vbs
2017-01-15 19:02:00 ----D---- C:\Windows\system32\sru
2017-01-15 18:00:09 ----D---- C:\Windows\Microsoft.NET
2017-01-15 17:38:20 ----D---- C:\Windows\system32\config
2017-01-12 20:12:42 ----RD---- C:\Program Files (x86)
2017-01-12 20:06:17 ----SHD---- C:\Windows\Installer
2017-01-12 20:06:10 ----RD---- C:\Windows\assembly
2017-01-12 20:05:16 ----D---- C:\Windows\ShellNew
2017-01-12 20:05:14 ----D---- C:\ProgramData\Microsoft Help
2017-01-12 20:01:08 ----SHD---- C:\System Volume Information
2017-01-12 19:55:48 ----D---- C:\Windows\WinSxS
2017-01-12 19:54:51 ----D---- C:\Windows\SysWOW64
2017-01-12 19:54:36 ----RSD---- C:\Windows\Fonts
2017-01-12 19:54:11 ----D---- C:\Program Files (x86)\Common Files
2017-01-12 19:53:24 ----D---- C:\Program Files (x86)\Microsoft.NET
2017-01-12 19:52:25 ----D---- C:\Windows\system32\Tasks
2017-01-12 19:52:05 ----D---- C:\Program Files\Common Files\microsoft shared
2017-01-12 19:52:03 ----SD---- C:\ProgramData\Microsoft
2017-01-12 19:51:11 ----RD---- C:\Program Files
2017-01-12 19:51:08 ----A---- C:\Windows\win.ini
2017-01-12 19:46:56 ----D---- C:\Program Files\Common Files
2017-01-12 19:46:54 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2017-01-12 19:44:29 ----D---- C:\Program Files\Common Files\System
2017-01-12 19:40:45 ----D---- C:\Windows\Tasks
2017-01-12 19:13:12 ----AD---- C:\Windows\system32\drivers
2017-01-12 19:13:09 ----HD---- C:\ProgramData
2017-01-12 18:39:18 ----SD---- C:\Users\Andrej\AppData\Roaming\Microsoft
2017-01-11 22:28:22 ----D---- C:\Windows\system32\DriverStore
2017-01-11 22:28:08 ----HD---- C:\Windows\ELAMBKUP
2017-01-11 22:25:28 ----D---- C:\Windows\Logs
2017-01-11 20:30:56 ----D---- C:\Windows\SoftwareDistribution
2017-01-11 20:27:08 ----D---- C:\Windows\system32\catroot2
2017-01-11 20:26:35 ----D---- C:\Windows\debug
2017-01-11 19:11:41 ----SHD---- C:\$Recycle.Bin
2017-01-11 19:11:23 ----D---- C:\Windows\system32\GroupPolicy
2017-01-11 19:03:48 ----D---- C:\Program Files (x86)\IObit
2017-01-10 18:49:52 ----D---- C:\ProgramData\ProductData
2016-12-23 14:22:19 ----D---- C:\Windows\AppReadiness

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-12-13 132272]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-12-13 180544]
R1 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2016-12-13 70960]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R3 AtcL001;@netl160a.inf,%AtcL001.Service.DispName%;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [2013-06-18 65024]
R3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwnx.sys [2013-06-18 3680256]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-23 6192640]
R3 MTsensor;@oem3.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2013-05-17 17280]
S0 eelam;eelam; C:\Windows\system32\DRIVERS\eelam.sys [2016-12-13 15488]
S3 cpuz138;cpuz138; \??\C:\Users\Andrej\AppData\Local\Temp\cpuz138\cpuz138_x64.sys []
S3 dot4;@oem6.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem7.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\Windows\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem6.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-08-22 121088]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]
S3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;UMDF Reflector service for LocationProvider; C:\Windows\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]
S3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2013-08-22 230912]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService9;Advanced SystemCare Service 9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [2016-01-05 446240]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2016-12-14 2836296]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2016-01-14 2945312]
S2 Staoty;Staoty; C:\Windows\system32\svchost.exe [2013-08-22 37768]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

-----------------EOF-----------------

Smazáno. Nastala nějaká změna?

zdravim, pc ide pohode, aj rychlost webu a samostatnych aplikacii ale zmena nastane az ked sa vypne. Pri opetovnom zapnuti znova vyhodi stranku qtipr.com.

Zkusíme ještě tyto skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Zdravim, posielam logy...
ZOEK

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Andrej on ut 17.01.2017 at 0:05:23,55.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Andrej\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17.1.2017 0:06:32 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} deleted successfully
C:\Users\Andrej\AppData\Roaming\Prernck deleted successfully
C:\Users\Andrej\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} not found
C:\Users\Andrej\AppData\Roaming\ProductData deleted
C:\PROGRA~3\ProductData deleted
C:\Users\Andrej\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\tasks\ASC9_PerformanceMonitor deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Orphaned Tasks deleted from Registry ======================

ASC9_PerformanceMonitor deleted
AutoKMS deleted

==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Andrej\AppData\Local\UCBrowser\User Data\Default\Preferences was reset successfully
C:\Users\Andrej\AppData\Local\UCBrowser\User Data\Default\Secure Preferences was reset successfully
C:\Users\Andrej\AppData\Local\UCBrowser\User Data\Default\Web Data.65 was reset successfully
C:\Users\Andrej\AppData\Local\UCBrowser\User Data\Default\Web Data.65-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Andrej\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Andrej\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Andrej\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Andrej\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Andrej\AppData\Local\UCBrowser\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=8 folders=9 33508 bytes)

==== Empty Temp Folders ======================

C:\Users\Andrej\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Andrej\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ut 17.01.2017 at 0:29:21,04 ======================


JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 x64
Ran by Andrej (Administrator) on ut 17.01.2017 at 0:31:22,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Andrej\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_Andrej (Task)
Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_Andrej.job (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ut 17.01.2017 at 0:33:29,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Změnilo se něco nyní?

zdravim, nie stale to iste nevidim ziadnu zmenu...

Který prohlížeč to dělá?

Pouziva tu google chrome a momentalne to zas hadze na tento web fanli90.cn/