Overeager svchost.exe
Posted: 14 Feb 2017 22:39
Hello,
I suspect that my PC may not be entirely clean. The ESET firewall (which I installed only recently) regularly intercepts a large number of requests from the program svchost.exe.
First I ran it through Malwarebytes, where in addition to the usual scan I also ticked the rootkit scan and selected the folder C:/Window/System32; the log is here:
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 14.02.2017
Čas skenování: 16:06
Protokol: mbmlog.txt
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2017.02.14.05
Databáze rootkitů: v2017.02.11.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: tomas
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 466235
Uplynulý čas: 18 min, 17 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 1
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe, 4816, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1]
Moduly: 1
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\UnifiedLogger.dll, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1],
Klíče registru: 3
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9676A6CD-6712-4070-BECB-096F161A0DAB}, Smazat při restartu, [7c6141615553db5b6fe0b6c4bf4158a8],
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SlimDrivers Startup, Smazat při restartu, [a934534f8f19b680c84b88f4cb35b44c],
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SlimWare Utilities, Inc.\DriverApp, Do karantény, [f8e581211d8bc96dc7096e0e8a76d42c],
Hodnoty registru: 1
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9676A6CD-6712-4070-BECB-096F161A0DAB}|Path, \SlimDrivers Startup, Smazat při restartu, [7c6141615553db5b6fe0b6c4bf4158a8]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 5
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers, Do karantény, [75686240a701979fc02a086d53ad32ce],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
Soubory: 26
PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\drivers\SWDUMon.sys, Smazat při restartu, [98e8c921f7f17f113aaa128ec7310213],
PUP.Optional.SlimCleanerPlus, C:\Windows\Tasks\SlimDrivers Startup.job, Do karantény, [7d60c9d975331d19b3e814602dd33bc5],
PUP.Optional.SlimCleanerPlus, C:\Users\Public\Desktop\SlimDrivers.lnk, Do karantény, [12cbe7bbfdabec4a0e176b0b6e9206fa],
PUP.Optional.SlimCleanerPlus, C:\Windows\System32\Tasks\SlimDrivers Startup, Do karantény, [14c9564c7137fd393a6ed8a1f20ee21e],
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\Open-Source Licenses.txt, Do karantény, [8f4e554dbfe976c0eef4c2b2b0502fd1],
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1],
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\UnifiedLogger.dll, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers Help.lnk, Do karantény, [75686240a701979fc02a086d53ad32ce],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers.lnk, Do karantény, [75686240a701979fc02a086d53ad32ce],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\005BB5BBF7F552BFFBF52AF02E37C660200000000000345FCC.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00141FE31BF8001641E89EEB133ED9FA4800000000163A2080.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\001B1CDE8B777AABB630BC736144897F4E0000000006A1A0F6.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\002A07541DF4F606752FE30D7EF177C8900000000000483C71.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\002B0A103B66DEC69F4F7040C4BF8F054B00000000002ED18F.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\003B29C80AD8A0AA794582B026DB4FE73C0000000005EDB76C.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\0056DEB266A2ECC8EA232D69FB17CA5C40000000000C9BC44C.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\005CA653BA87097751073CDDAD564807AC0000000000B857FD.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00678166AB5A2F988B408CFE131B205DFB00000000003EAC01.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\007858BFCCC5799FD10783669CD4EA0912000000000DC39135.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\007D6016313FCE26C9F8C6F93F3576C2420000000000FD146D.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\0086337436C211BF368CB05A518E99F12400000000004F9189.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\008B6597F5E4682AA9AC883E66EA474A230000000000D63F18.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00B3E9AE34D73D900EFEB1240DFECD31E700000000004D02B1.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00BD94D85BC811AB9CF71734F43105C92B0000000005F06037.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00C336C3A8AA2885ED8A16528E4CC989F90000000000C4F2EC.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00E0CDBC3FC3F99D0553C655A2B543810C000000000082BF4D.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
The Slim Drivers program should not be dangerous, but I had everything deleted anyway so that further results would be clearer. Next I ran CCleaner, where I first ran the analysis and then the cleaner under Windows and Applications, and after that I analyzed and had all errors in the registry fixed. Finally I also ran it through RSIT; I split the log into two posts:
Logfile of random's system information tool 1.14 (written by random/random)
Run by tomas at 2017-02-14 21:58:14
Microsoft Windows 10 Education
System drive C: has 243 GB (56%) free of 436 GB
Total RAM: 8098 MB (38% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:58:15, on 14.02.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0726)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files\trend micro\tomas_RSITx64.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 14.0 Helper - {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-21-3629950189-3343636212-1747802599-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-21-3629950189-3343636212-1747802599-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDrive] "C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3629950189-3343636212-1747802599-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [Uninstall C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" (User '?')
O4 - HKUS\S-1-5-21-3629950189-3343636212-1747802599-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDrive] "C:\Users\Fanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = upce.cz,wifi-net.upce.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = upce.cz,wifi-net.upce.cz
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Xamarin Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Developer Tools Service (DeveloperToolsService) - Unknown owner - C:\Windows\System32\DeveloperToolsSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem73.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 14719 bytes
======Enumerating Processes======
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4bc3c2ae-807a-4909-bb9d-c7371ab57d62 -SystemEventPortName:HostProcess-6fd68ab8-cd35-46a5-88f2-fd28df9f6cfd -IoCancelEventPortName:HostProcess-5dd72a78-5f43-472b-ac55-1ceb81cf6712 -NonStateChangingEventPortName:HostProcess-7b26ec88-deae-469a-a5a8-7ec9775b2c5e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8753b429-c0fb-403a-ab5e-a30dcaebc97d -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\WLANExt.exe 2827392367616
C:\Windows\System32\spoolsv.exe
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\ibtsiva.exe
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\Windows\system32\svchost.exe -k SshBrokerGroup
C:\Windows\system32\svchost.exe -k appmodel
C:\Windows\system32\svchost.exe -k SshProxyGroup
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\taskhostw.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=3DA901ADA932F518F430E1B098249C5D --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=3DA901ADA932F518F430E1B098249C5D --renderer-client-id=8 --mojo-platform-channel-handle=2916 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=7AA6B8E99AE93C0798FB6B5DB1C55430 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=7AA6B8E99AE93C0798FB6B5DB1C55430 --renderer-client-id=11 --mojo-platform-channel-handle=3080 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=0307EACB8A40D4D7EE72CF932B903E7A --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=0307EACB8A40D4D7EE72CF932B903E7A --renderer-client-id=12 --mojo-platform-channel-handle=5964 /prefetch:1
C:\Windows\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\system32\fontdrvhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=8064013FEB52155489A95994AC9D0B69 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=8064013FEB52155489A95994AC9D0B69 --renderer-client-id=29 --mojo-platform-channel-handle=9644 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=A2FEC230F70A95EA278151D75B1A9AEE --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=A2FEC230F70A95EA278151D75B1A9AEE --renderer-client-id=30 --mojo-platform-channel-handle=9876 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=53AB1D2E044ED9BB44BEDF093E7777BD --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=53AB1D2E044ED9BB44BEDF093E7777BD --renderer-client-id=31 --mojo-platform-channel-handle=10124 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=B72110798D5D3142B0251C32BFAA665B --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=B72110798D5D3142B0251C32BFAA665B --renderer-client-id=32 --mojo-platform-channel-handle=8524 /prefetch:1
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=518BB47A38C4F1D5DF59E28EAD7F7729 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=518BB47A38C4F1D5DF59E28EAD7F7729 --renderer-client-id=43 --mojo-platform-channel-handle=11792 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.202.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7912.40507.0_x64__8wekyb3d8bbwe\HxMail.exe" -ServerName:microsoft.windowslive.mail.AppX7fgs1v31b27fq9zen50wdw83aappcatm.mca
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7912.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\system32\taskhostw.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\system32\AUDIODG.EXE 0x474
"C:\Users\tomas\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\update-S-1-5-21-3629950189-3343636212-1747802599-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Windows\system32\tasks\Opera scheduled Autoupdate 1474730951 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\update-S-1-5-21-3629950189-3343636212-1747802599-1001 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\{09CD85D6-0074-4140-9175-386AE26D4228} - C:\Windows\system32\pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Setup.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
C:\Windows\system32\tasks\{61E897AF-4C88-4762-8343-6C659AA2C83A} - C:\Windows\system32\pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Game.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
C:\Windows\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\Windows\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\Windows\system32\tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate - %comspec% /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\Windows\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - %systemroot%\system32\MusNotification.exe Display
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - %systemroot%\system32\MusNotification.exe ReadyToReboot
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\Windows\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\Windows\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\Windows\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\Windows\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\VisualStudio\VSIX Auto Update 14 - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload
=========Mozilla firefox=========
ProfilePath - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\addons.json
SQLite Manager - extension - SQLiteManager@mrinalkant.blogspot.com
C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\extensions.json
SQLite Manager - extension - SQLiteManager@mrinalkant.blogspot.com - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\pluginreg.dat
Plugin - VLC Web Plugin - 2.2.4.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - NVIDIA 3D VISION - 7.17.13.7654 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - NVIDIA 3D Vision - 7.17.13.7654 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - Microsoft Office 2016 - 16.0.7571.7095 - C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.20513.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
Plugin - Microsoft Office 2016 - 16.0.7571.7095 - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
Plugin - Java(TM) Platform SE 8 U121 - 11.121.2.13 - C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.1210.13 - 11.121.2.13 - C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npdeployJava1.dll
Plugin - Foxit Reader Plugin for Mozilla - 2.2.5.1228 - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
=========Google Chrome=========
C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bfojhefgpnccghohpddmflkacblipkka
Extension binjiceocgbfooocmheaenmmcominbpe
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension boeajhmfdjldchidhphikilcgdacljfm 0 Facebook 1.0.3
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.12.4
Extension ebjecbnjnlpimkjjbejpkpnnaikidkfn
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efgpgbcidmnhkoeceikdacelidndbfgl
Extension ejjicmeblgpmajnghnpcppodonldlgfn 0 Kalendář Google 4.5.10
Extension elioihkkcdgakfbahdoddophfngopipi 1 Photo Zoom for Facebook 1.1428.5.3
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension galfofdpepkcahkfobimileafiobdplb
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 2 Dokumenty Google offline 1.4
Extension hafdlehgocfcodbgjnpecfajgkeejnaa 1 NetBeans Connector 1.1.5
Extension hgdddaddoobhekenhpjbmfdbfbgdikid 1 Settings 1.1
Extension hijbjhjjipenfibfbleadidijdimlpmk
Extension ibiiaimghkbhffgkkdogldehnidojjga 1 History 1.0.5
Extension icppfcnhkcmnfdhfhphakoifcfokfdhg 0 Google Play Music 5.5
Extension ihmgiclibbndffejedjimfjmfoabpcke 1 Instant Translate: Select and Translate 3.1.3
Extension jfchnphgogjhineanplmfkofljiagjfb 1 Downloads 2
Extension jpnjjlbngpejmmhgcaagljaomgnginml 0 IP adresa 8.0
Extension kchdfagjljmhgapoonapmfngpadcjkhk 1 Viewport Dimensions 0.0.7
Extension khkndikhbnfgibpkpdgdnmdlcfpkichc
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lneaknkopdijkpnocmklfnjbeapigfbh 0 Mapy Google 5.4.1
Extension mafbdhjdkjnoafhfelkjpchpaepjknad 1 Morpheon Dark 3.1
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mfpkkoiibimbkkchgekkjcadbmjkmaia
Extension mgndgikekgjfcpckkfioiadnlibdjbkf
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension ndjpnladcallmjemlbaebfadecfhkepb 1 Office Online 1.5.0
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension niloccemoadcdkdjlinkgdfekeahmflj 1 Save to Pocket 2.1.17
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension ocahflfncldbecinbclgfbkgenbdpjjh
Extension odklcfojpedohplkimfdpcamkjnhanaj 0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: http://www.google.com
default_search_provider.search_url:
C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28 214208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22 571456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28 2888896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22 234560]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28 151232]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22 473152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3}]
Microsoft Web Test Recorder 14.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-06 75104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28 1955528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22 186944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_LENOVO_DOLBYDRAGON"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-09 1467400]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2015-11-24 71168]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03 3944136]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-09-09 16696832]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-09 1467400]
"RtHDVBg_LENOVO_MICPKEY"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-09 1467400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-01-20 1517280]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-02-08 9363672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"=C:\Windows\system32\cmd.exe [2016-07-16 232960]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2016-07-11 225944]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-10-23 708496]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\WLANExt.exe 2827392367616
C:\Windows\System32\spoolsv.exe
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\ibtsiva.exe
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\Windows\system32\svchost.exe -k SshBrokerGroup
C:\Windows\system32\svchost.exe -k appmodel
C:\Windows\system32\svchost.exe -k SshProxyGroup
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\taskhostw.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=gpu-process --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,19,23,40,59,71 --gpu-vendor-id=0x8086 --gpu-device-id=0x1616 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4568 --gpu-driver-date=12-16-2016 --gpu-secondary-vendor-ids=0x10de --gpu-secondary-device-ids=0x1299 --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --service-request-channel-token=09AABA458274C7D3FD40092AC429840F --mojo-platform-channel-handle=1504 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=9D708145FBB58FE39E90BBA98354E2CF --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=9D708145FBB58FE39E90BBA98354E2CF --renderer-client-id=3 --mojo-platform-channel-handle=2096 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=89A82D8C6FBB0D2B25E0E3BC51905C56 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=89A82D8C6FBB0D2B25E0E3BC51905C56 --renderer-client-id=4 --mojo-platform-channel-handle=2112 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=F80D306EFA86864C0D12DB7C52F51E1C --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=F80D306EFA86864C0D12DB7C52F51E1C --renderer-client-id=5 --mojo-platform-channel-handle=2096 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=09170BA0A3B3F427C143F6F278620226 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=09170BA0A3B3F427C143F6F278620226 --renderer-client-id=6 --mojo-platform-channel-handle=2244 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=0029EF49944E0E0934A54E87D9DCAF8A --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=0029EF49944E0E0934A54E87D9DCAF8A --renderer-client-id=7 --mojo-platform-channel-handle=2252 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=3DA901ADA932F518F430E1B098249C5D --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=3DA901ADA932F518F430E1B098249C5D --renderer-client-id=8 --mojo-platform-channel-handle=2916 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=7AA6B8E99AE93C0798FB6B5DB1C55430 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=7AA6B8E99AE93C0798FB6B5DB1C55430 --renderer-client-id=11 --mojo-platform-channel-handle=3080 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=0307EACB8A40D4D7EE72CF932B903E7A --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=0307EACB8A40D4D7EE72CF932B903E7A --renderer-client-id=12 --mojo-platform-channel-handle=5964 /prefetch:1
C:\Windows\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\system32\fontdrvhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=8064013FEB52155489A95994AC9D0B69 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=8064013FEB52155489A95994AC9D0B69 --renderer-client-id=29 --mojo-platform-channel-handle=9644 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=A2FEC230F70A95EA278151D75B1A9AEE --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=A2FEC230F70A95EA278151D75B1A9AEE --renderer-client-id=30 --mojo-platform-channel-handle=9876 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=53AB1D2E044ED9BB44BEDF093E7777BD --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=53AB1D2E044ED9BB44BEDF093E7777BD --renderer-client-id=31 --mojo-platform-channel-handle=10124 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=B72110798D5D3142B0251C32BFAA665B --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=B72110798D5D3142B0251C32BFAA665B --renderer-client-id=32 --mojo-platform-channel-handle=8524 /prefetch:1
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=518BB47A38C4F1D5DF59E28EAD7F7729 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=518BB47A38C4F1D5DF59E28EAD7F7729 --renderer-client-id=43 --mojo-platform-channel-handle=11792 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.202.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7912.40507.0_x64__8wekyb3d8bbwe\HxMail.exe" -ServerName:microsoft.windowslive.mail.AppX7fgs1v31b27fq9zen50wdw83aappcatm.mca
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7912.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\system32\taskhostw.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\system32\AUDIODG.EXE 0x474
"C:\Users\tomas\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\update-S-1-5-21-3629950189-3343636212-1747802599-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Windows\system32\tasks\Opera scheduled Autoupdate 1474730951 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\update-S-1-5-21-3629950189-3343636212-1747802599-1001 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\{09CD85D6-0074-4140-9175-386AE26D4228} - C:\Windows\system32\pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Setup.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
C:\Windows\system32\tasks\{61E897AF-4C88-4762-8343-6C659AA2C83A} - C:\Windows\system32\pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Game.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
C:\Windows\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\Windows\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\Windows\system32\tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate - %comspec% /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\Windows\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - %systemroot%\system32\MusNotification.exe Display
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - %systemroot%\system32\MusNotification.exe ReadyToReboot
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\Windows\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\Windows\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\Windows\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\Windows\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\VisualStudio\VSIX Auto Update 14 - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload
=========Mozilla firefox=========
ProfilePath - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\addons.json
SQLite Manager - extension - SQLiteManager@mrinalkant.blogspot.com
C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\extensions.json
SQLite Manager - extension - SQLiteManager@mrinalkant.blogspot.com - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\pluginreg.dat
Plugin - VLC Web Plugin - 2.2.4.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - NVIDIA 3D VISION - 7.17.13.7654 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - NVIDIA 3D Vision - 7.17.13.7654 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - Microsoft Office 2016 - 16.0.7571.7095 - C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.20513.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
Plugin - Microsoft Office 2016 - 16.0.7571.7095 - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
Plugin - Java(TM) Platform SE 8 U121 - 11.121.2.13 - C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.1210.13 - 11.121.2.13 - C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npdeployJava1.dll
Plugin - Foxit Reader Plugin for Mozilla - 2.2.5.1228 - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
=========Google Chrome=========
C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bfojhefgpnccghohpddmflkacblipkka
Extension binjiceocgbfooocmheaenmmcominbpe
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension boeajhmfdjldchidhphikilcgdacljfm 0 Facebook 1.0.3
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.12.4
Extension ebjecbnjnlpimkjjbejpkpnnaikidkfn
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efgpgbcidmnhkoeceikdacelidndbfgl
Extension ejjicmeblgpmajnghnpcppodonldlgfn 0 Kalendář Google 4.5.10
Extension elioihkkcdgakfbahdoddophfngopipi 1 Photo Zoom for Facebook 1.1428.5.3
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension galfofdpepkcahkfobimileafiobdplb
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 2 Dokumenty Google offline 1.4
Extension hafdlehgocfcodbgjnpecfajgkeejnaa 1 NetBeans Connector 1.1.5
Extension hgdddaddoobhekenhpjbmfdbfbgdikid 1 Settings 1.1
Extension hijbjhjjipenfibfbleadidijdimlpmk
Extension ibiiaimghkbhffgkkdogldehnidojjga 1 History 1.0.5
Extension icppfcnhkcmnfdhfhphakoifcfokfdhg 0 Google Play Music 5.5
Extension ihmgiclibbndffejedjimfjmfoabpcke 1 Instant Translate: Select and Translate 3.1.3
Extension jfchnphgogjhineanplmfkofljiagjfb 1 Downloads 2
Extension jpnjjlbngpejmmhgcaagljaomgnginml 0 IP adresa 8.0
Extension kchdfagjljmhgapoonapmfngpadcjkhk 1 Viewport Dimensions 0.0.7
Extension khkndikhbnfgibpkpdgdnmdlcfpkichc
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lneaknkopdijkpnocmklfnjbeapigfbh 0 Mapy Google 5.4.1
Extension mafbdhjdkjnoafhfelkjpchpaepjknad 1 Morpheon Dark 3.1
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mfpkkoiibimbkkchgekkjcadbmjkmaia
Extension mgndgikekgjfcpckkfioiadnlibdjbkf
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension ndjpnladcallmjemlbaebfadecfhkepb 1 Office Online 1.5.0
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension niloccemoadcdkdjlinkgdfekeahmflj 1 Save to Pocket 2.1.17
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension ocahflfncldbecinbclgfbkgenbdpjjh
Extension odklcfojpedohplkimfdpcamkjnhanaj 0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: http://www.google.com
default_search_provider.search_url:
C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28 214208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22 571456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28 2888896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22 234560]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28 151232]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22 473152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3}]
Microsoft Web Test Recorder 14.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-06 75104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28 1955528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22 186944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_LENOVO_DOLBYDRAGON"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-09 1467400]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2015-11-24 71168]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03 3944136]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-09-09 16696832]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-09 1467400]
"RtHDVBg_LENOVO_MICPKEY"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-09 1467400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-01-20 1517280]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-02-08 9363672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"=C:\Windows\system32\cmd.exe [2016-07-16 232960]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2016-07-11 225944]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-10-23 708496]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*