VIRY.CZ

Dobrý deň,
posledné týždne ked pracujem z určitými stránkami tak mám sa mi zobrazujú reklamy ktoré by sa nemali kôli adblocku, tak by som chcel poprosiť preventívku na malware že či náhodou nemám nejaký.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Trifon at 2017-03-20 17:24:15
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 102 GB (45%) free of 229 GB
Total RAM: 8131 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:24:17, on 20. 3. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18618)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Trifon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "D:\Deamon tools\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - D:\Deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11711 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"D:\Deamon tools\DAEMON Tools Lite\DTAgent.exe" -autorun
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe"
AvastUI.exe /nogui
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"D:\Deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 584ea06d-fb53-4877-879b-0f014fa526c2 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "2462915531557894449399076609184076811020633408731999065659-1859186393-1837930263
\??\C:\Windows\system32\conhost.exe "292909887201792919766196070073385731-10944133722498564819553152641024307665
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7af99364-d98c-48d5-a0cf-f655671d807a -SystemEventPortName:HostProcess-4ae1bff7-84a8-4242-9371-32696f7edb70 -IoCancelEventPortName:HostProcess-a77b4fc8-8c08-46e8-9aab-65ff7213d541 -NonStateChangingEventPortName:HostProcess-a655424c-2507-4b50-a8b7-009703d4bf59 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:aa916598-47d0-4f11-b930-8b0d1afda3a6 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"

C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Trifon\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=56.0.2924.87 --initial-client-data=0xf8,0xfc,0x100,0xf4,0x104,0x734a7598,0x734a75bc,0x734a75a4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1440 --on-initialized-event-handle=568 --parent-handle=572 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Combined1B/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/SEI_Experiment4/InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SaveAsMenuText/default/SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled2/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingLaunched/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,18,19,20,23,40,71 --gpu-vendor-id=0x10de --gpu-device-id=0x05e6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4195 --gpu-driver-date=1-29-2016 --service-request-channel-token=FDA8CAE4FCC4D88363B374E05DD0BCED --mojo-platform-channel-handle=1268 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Combined1B/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/SEI_Experiment4/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SaveAsMenuText/default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled2/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingLaunched/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --primordial-pipe-token=8362A7A9D72C6E6EF0E658F2080FFCF3 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=8362A7A9D72C6E6EF0E658F2080FFCF3 --renderer-client-id=4 --mojo-platform-channel-handle=2448 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Combined1B/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/SEI_Experiment4/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SaveAsMenuText/default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled2/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingLaunched/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --primordial-pipe-token=C5DBCBC9633C14CF6A2DBD8FC5D0C655 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=C5DBCBC9633C14CF6A2DBD8FC5D0C655 --renderer-client-id=5 --mojo-platform-channel-handle=2476 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Combined1B/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/SEI_Experiment4/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SaveAsMenuText/default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled2/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingLaunched/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --primordial-pipe-token=10076CA8BC4747E901CFAE36CF6088C0 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=10076CA8BC4747E901CFAE36CF6088C0 --renderer-client-id=6 --mojo-platform-channel-handle=2500 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Combined1B/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/SEI_Experiment4/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SaveAsMenuText/default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled2/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingLaunched/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --primordial-pipe-token=E7C7CEF87EB24F2C2EC2DD2C897A0D6A --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=E7C7CEF87EB24F2C2EC2DD2C897A0D6A --renderer-client-id=7 --mojo-platform-channel-handle=2228 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Combined1B/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/SEI_Experiment4/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SaveAsMenuText/default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled2/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingLaunched/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --primordial-pipe-token=63192C9F3F160BCE6874EC5388FE790C --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=63192C9F3F160BCE6874EC5388FE790C --renderer-client-id=8 --mojo-platform-channel-handle=2528 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Combined1B/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/SEI_Experiment4/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SaveAsMenuText/default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled2/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingLaunched/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsInterventionV2/Default/ --primordial-pipe-token=96A718BD977F4CFB3D1F04C7C5715587 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=96A718BD977F4CFB3D1F04C7C5715587 --renderer-client-id=11 --mojo-platform-channel-handle=5112 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Combined1B/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/Control_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/SEI_Experiment4/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SaveAsMenuText/default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled2/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingLaunched/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsInterventionV2/Default/ --primordial-pipe-token=BA82AE0697AA9C7CC7BACA6D523B09F3 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=BA82AE0697AA9C7CC7BACA6D523B09F3 --renderer-client-id=28 --mojo-platform-channel-handle=2384 /prefetch:1
"C:\Users\Trifon\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

=========Mozilla firefox=========

ProfilePath - C:\Users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.malwarebytes.org/restorebrowser/"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
npwachk.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13 229064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-18 893936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27 255088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2017-02-23 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13 163528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-18 771816]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2017-02-23 1743664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27 255088]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-22 7203032]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-01-29 2585744]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-01-29 1514528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"=D:\Deamon tools\DAEMON Tools Lite\DTAgent.exe [2017-02-07 4701888]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-08-25 293872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-03-18 205512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-03-18 12:42:19 ----A---- C:\Windows\system32\drivers\aswbuniva.sys
2017-03-18 12:42:19 ----A---- C:\Windows\system32\drivers\aswbloga.sys
2017-03-18 12:42:19 ----A---- C:\Windows\system32\drivers\aswbidsha.sys
2017-03-18 12:42:19 ----A---- C:\Windows\system32\drivers\aswbidsdrivera.sys
2017-03-18 12:42:16 ----A---- C:\Windows\system32\aswBoot.exe
2017-03-18 12:42:09 ----A---- C:\Windows\system32\drivers\aswNetNd6.sys
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-03-16 17:06:41 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-03-16 17:06:41 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-16 17:06:41 ----A---- C:\Windows\system32\inseng.dll
2017-03-16 17:06:41 ----A---- C:\Windows\system32\iertutil.dll
2017-03-16 17:06:41 ----A---- C:\Windows\system32\iernonce.dll
2017-03-16 17:06:41 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-03-16 17:06:41 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-03-16 17:06:41 ----A---- C:\Windows\system32\ie4uinit.exe
2017-03-16 17:06:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-03-16 17:06:40 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-03-16 17:06:40 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-03-16 17:06:40 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-03-16 17:06:40 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-03-16 17:06:40 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-03-16 17:06:40 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-03-16 17:06:40 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-03-16 17:06:40 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-03-16 17:06:40 ----A---- C:\Windows\system32\urlmon.dll
2017-03-16 17:06:40 ----A---- C:\Windows\system32\occache.dll
2017-03-16 17:06:40 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-16 17:06:40 ----A---- C:\Windows\system32\msfeeds.dll
2017-03-16 17:06:40 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-03-16 17:06:40 ----A---- C:\Windows\system32\iedkcs32.dll
2017-03-16 17:06:40 ----A---- C:\Windows\system32\dxtrans.dll
2017-03-16 17:06:39 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-03-16 17:06:39 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-03-16 17:06:39 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-03-16 17:06:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-03-16 17:06:39 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-03-16 17:06:39 ----A---- C:\Windows\system32\vbscript.dll
2017-03-16 17:06:39 ----A---- C:\Windows\system32\iesetup.dll
2017-03-16 17:06:39 ----A---- C:\Windows\system32\ieapfltr.dll
2017-03-16 17:06:38 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-03-16 17:06:38 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-03-16 17:06:38 ----A---- C:\Windows\system32\webcheck.dll
2017-03-16 17:06:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-03-16 17:06:38 ----A---- C:\Windows\system32\mshtmled.dll
2017-03-16 17:06:38 ----A---- C:\Windows\system32\jsproxy.dll
2017-03-16 17:06:38 ----A---- C:\Windows\system32\ieUnatt.exe
2017-03-16 17:06:38 ----A---- C:\Windows\system32\ieui.dll
2017-03-16 17:06:38 ----A---- C:\Windows\system32\ieframe.dll
2017-03-16 17:06:38 ----A---- C:\Windows\system32\dxtmsft.dll
2017-03-16 17:06:37 ----A---- C:\Windows\system32\wininet.dll
2017-03-16 17:06:37 ----A---- C:\Windows\system32\msrating.dll
2017-03-16 17:06:37 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-03-16 17:06:37 ----A---- C:\Windows\system32\jscript9diag.dll
2017-03-16 17:06:37 ----A---- C:\Windows\system32\jscript9.dll
2017-03-16 17:06:37 ----A---- C:\Windows\system32\jscript.dll
2017-03-16 17:06:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-03-16 17:06:36 ----A---- C:\Windows\system32\mshtml.dll
2017-03-16 17:06:35 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-03-16 17:06:35 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-03-16 17:06:35 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-03-16 17:06:35 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-03-16 17:06:35 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\win32k.sys
2017-03-16 17:06:35 ----A---- C:\Windows\system32\schannel.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\rpcrt4.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\ntdll.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\msxml3.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\msv1_0.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\lsasrv.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\KernelBase.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\kerberos.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\DWrite.dll
2017-03-16 17:06:35 ----A---- C:\Windows\system32\advapi32.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\usp10.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\mscms.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\icm32.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-03-16 17:06:34 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\wow64win.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\wow64.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\winsrv.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\wdigest.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\usp10.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\TSpkg.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\sspicli.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\srcore.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\smss.exe
2017-03-16 17:06:34 ----A---- C:\Windows\system32\secur32.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\rstrui.exe
2017-03-16 17:06:34 ----A---- C:\Windows\system32\rpchttp.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\quartz.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\ntvdm64.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\ncrypt.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\mscms.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\lsass.exe
2017-03-16 17:06:34 ----A---- C:\Windows\system32\kernel32.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\inetcomm.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\icm32.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\gdi32.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\FntCache.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\drivers\srv.sys
2017-03-16 17:06:34 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-03-16 17:06:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-03-16 17:06:34 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-03-16 17:06:34 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-03-16 17:06:34 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-03-16 17:06:34 ----A---- C:\Windows\system32\drivers\appid.sys
2017-03-16 17:06:34 ----A---- C:\Windows\system32\csrsrv.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\cryptbase.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\conhost.exe
2017-03-16 17:06:34 ----A---- C:\Windows\system32\certcli.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\bcrypt.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\auditpol.exe
2017-03-16 17:06:34 ----A---- C:\Windows\system32\appidsvc.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-03-16 17:06:34 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-03-16 17:06:34 ----A---- C:\Windows\system32\appidapi.dll
2017-03-16 17:06:34 ----A---- C:\Windows\system32\adtschema.dll
2017-03-16 17:06:34 ----A---- C:\Windows\HelpPane.exe
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-16 17:06:33 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\WcsPlugInService.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\user.exe
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-03-16 17:06:33 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\wow64cpu.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\WcsPlugInService.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\sspisrv.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\srclient.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\msxml3r.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\msobjs.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\msaudite.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\INETRES.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-03-16 17:06:33 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-03-16 17:06:33 ----A---- C:\Windows\system32\credssp.dll
2017-03-16 17:06:33 ----A---- C:\Windows\system32\apisetschema.dll
2017-03-16 17:06:16 ----A---- C:\Windows\system32\invagent.dll
2017-03-16 17:06:16 ----A---- C:\Windows\system32\generaltel.dll
2017-03-16 17:06:16 ----A---- C:\Windows\system32\devinv.dll
2017-03-16 17:06:16 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-03-16 17:06:16 ----A---- C:\Windows\system32\centel.dll
2017-03-16 17:06:16 ----A---- C:\Windows\system32\appraiser.dll
2017-03-16 17:06:16 ----A---- C:\Windows\system32\aepic.dll
2017-03-16 17:06:16 ----A---- C:\Windows\system32\aeinv.dll
2017-03-16 17:06:16 ----A---- C:\Windows\system32\acmigration.dll
2017-03-11 14:12:54 ----D---- C:\Users\Trifon\AppData\Roaming\Ponscripter
2017-02-24 17:51:35 ----A---- C:\Windows\system32\drivers\dtliteusbbus.sys
2017-02-24 17:50:28 ----A---- C:\Windows\system32\drivers\dtlitescsibus.sys
2017-02-24 17:50:15 ----D---- C:\Users\Trifon\AppData\Roaming\DAEMON Tools Lite
2017-02-24 17:49:29 ----D---- C:\ProgramData\DAEMON Tools Lite

======List of files/folders modified in the last 1 month======

2017-03-20 17:24:17 ----D---- C:\Program Files\trend micro
2017-03-20 17:20:25 ----D---- C:\Windows\Temp
2017-03-20 17:15:00 ----D---- C:\Users\Trifon\AppData\Roaming\vlc
2017-03-20 14:01:31 ----D---- C:\Users\Trifon\AppData\Roaming\uTorrent
2017-03-20 09:38:21 ----HD---- C:\ProgramData
2017-03-20 08:43:24 ----D---- C:\Users\Trifon\AppData\Roaming\CDisplayEx
2017-03-20 08:20:33 ----D---- C:\Windows\system32\Tasks
2017-03-20 08:19:01 ----D---- C:\Windows\system32\config
2017-03-20 08:11:13 ----D---- C:\Windows\System32
2017-03-20 08:11:13 ----D---- C:\Windows\inf
2017-03-20 08:11:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-03-20 08:05:17 ----D---- C:\ProgramData\NVIDIA
2017-03-19 17:21:03 ----D---- C:\Windows\system32\drivers
2017-03-19 08:31:53 ----D---- C:\Temp
2017-03-19 08:30:35 ----D---- C:\Windows\winsxs
2017-03-18 22:45:18 ----D---- C:\Program Files (x86)\Steam
2017-03-18 13:21:46 ----D---- C:\Windows\rescache
2017-03-18 12:42:36 ----SHD---- C:\System Volume Information
2017-03-18 12:42:36 ----D---- C:\Windows\system32\DriverStore
2017-03-18 12:42:19 ----D---- C:\ProgramData\AVAST Software
2017-03-17 07:48:40 ----D---- C:\Windows\SYSWOW64\sk-SK
2017-03-17 07:48:40 ----D---- C:\Windows\SYSWOW64\migration
2017-03-17 07:48:40 ----D---- C:\Windows\SYSWOW64\en-US
2017-03-17 07:48:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-03-17 07:48:40 ----D---- C:\Windows\SysWOW64
2017-03-17 07:48:40 ----D---- C:\Program Files\Internet Explorer
2017-03-17 07:48:40 ----D---- C:\Program Files\DVD Maker
2017-03-17 07:48:40 ----D---- C:\Program Files (x86)\Internet Explorer
2017-03-17 07:48:39 ----SD---- C:\Windows\system32\CompatTel
2017-03-17 07:48:39 ----D---- C:\Windows\system32\sk-SK
2017-03-17 07:48:39 ----D---- C:\Windows\system32\migration
2017-03-17 07:48:39 ----D---- C:\Windows\system32\en-US
2017-03-17 07:48:39 ----D---- C:\Windows\system32\cs-CZ
2017-03-17 07:48:39 ----D---- C:\Windows\system32\Boot
2017-03-17 07:48:39 ----D---- C:\Windows\system32\appraiser
2017-03-17 07:48:39 ----D---- C:\Windows\AppPatch
2017-03-17 07:48:39 ----D---- C:\Windows
2017-03-16 22:10:21 ----SHD---- C:\Windows\Installer
2017-03-16 22:10:09 ----D---- C:\ProgramData\Microsoft Help
2017-03-16 22:09:52 ----D---- C:\Windows\system32\MRT
2017-03-16 22:08:44 ----AC---- C:\Windows\system32\MRT.exe
2017-03-16 17:04:55 ----D---- C:\Windows\system32\catroot2
2017-03-15 22:42:35 ----RSD---- C:\Windows\assembly
2017-03-12 18:42:10 ----D---- C:\Program Files (x86)\Common Files
2017-03-12 17:44:57 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-03-12 17:42:45 ----D---- C:\Users\Trifon\AppData\Roaming\Nitroplus
2017-03-11 21:25:16 ----D---- C:\Users\Trifon\AppData\Roaming\dvdcss
2017-03-11 12:08:19 ----D---- C:\Users\Trifon\AppData\Roaming\SmartSteamEmu
2017-03-08 13:45:47 ----A---- C:\Windows\NeroDigital.ini
2017-03-04 11:08:08 ----D---- C:\ProgramData\Package Cache
2017-02-23 10:56:32 ----D---- C:\Windows\debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-03-18 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-03-18 334600]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-03-18 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-03-18 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-03-18 337592]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-08-07 644968]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-08-07 28008]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-08-25 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2017-02-24 394296]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2012-08-22 15232]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-03-18 309272]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-03-18 32088]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-03-18 461640]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-03-18 100640]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-03-18 993608]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-03-18 548928]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-03-18 126600]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-03-18 162528]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2017-03-18 29432]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2017-02-24 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2017-02-24 47672]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-08-25 383984]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-08-25 795120]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-29 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-08-18 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-28 805088]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-03-18 38296]
S3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [2016-01-18 78088]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD.sys [2014-04-29 44744]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2014-06-18 936728]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [2014-06-18 1360016]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-03-18 262736]
R2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-03-18 278784]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-29 1148560]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-29 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2016-01-29 21833360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-01-29 932728]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-10-14 76888]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-01-29 426040]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-03-18 7147320]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; D:\Deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-07 1471168]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S3 BRSptStub;BitRaider Mini-Support Service Stub Loader; C:\ProgramData\BitRaider\BRSptStub.exe [2016-01-18 363208]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-12-21 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-04 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-17 146888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-08-03 1452320]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-10-16 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

Zdravím, smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a spusť AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.

# AdwCleaner v6.044 - *Logfile created 21/03/2017 *at 08:24:56
# *Updated on 28/02/2017 by Malwarebytes
# *Database : 2017-03-20.1 [*Server]
# *Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# *Username : Trifon - TRIFON-PC
# *Running from : C:\Users\Trifon\Desktop\adwcleaner_6.044.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support



***** [ *Services ] *****



***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\Trifon\AppData\Roaming\chportu


***** [ *Files ] *****

[-] *File deleted: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****



***** [ *Registry ] *****

[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] *Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] *Value deleted: HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] *Key deleted: HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2039DD3E-4E72-4C20-90E7-9FD959AA7D06}
[#] *Value deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2039DD3E-4E72-4C20-90E7-9FD959AA7D06}
[#] *Value deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2039DD3E-4E72-4C20-90E7-9FD959AA7D06}


***** [ *Browsers ] *****

[-] [C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] *Deleted: viceice.com
[-] [C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] *Deleted: hxxp://www.viceice.com/
[-] [C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default] [homepage] *Deleted: hxxp://www.viceice.com/


*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2561 *Bytes] - [21/03/2017 08:24:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [2692 *Bytes] - [21/03/2017 08:24:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2709 *Bytes] ##########

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

Počas prvého scanu som zabudol vypnúť antivurus tak som ho dal bežať ešte ráz

ComboFix 17-03-21.01 - Trifon . 03. 2017 16:54:47.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.8131.6368 [GMT 1:00]
Running from: c:\users\Trifon\Desktop\ComboFix.exe
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Enabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Trifon\AppData\Roaming\Launcher.dat
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2017-02-21 to 2017-03-21 )))))))))))))))))))))))))))))))
.
.
2017-03-21 15:59 . 2017-03-21 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-21 07:34 . 2017-03-21 07:34 -------- d-----w- c:\programdata\SWCUTemp
2017-03-21 07:23 . 2017-03-21 07:24 -------- d-----w- C:\AdwCleaner
2017-03-18 11:42 . 2017-03-18 11:42 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-03-18 11:42 . 2017-03-18 11:42 334600 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-03-18 11:42 . 2017-03-18 11:42 309272 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-03-18 11:42 . 2017-03-18 11:42 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-03-18 11:42 . 2017-03-18 11:42 398408 ----a-w- c:\windows\system32\aswBoot.exe
2017-03-18 11:42 . 2017-03-18 11:42 29432 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
2017-03-11 13:12 . 2017-03-11 13:12 -------- d-----w- c:\users\Trifon\AppData\Roaming\Ponscripter
2017-02-25 16:23 . 2017-02-25 16:23 3310840 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1051\MSOINTL.DLL
2017-02-24 16:58 . 2017-02-24 16:58 -------- d-----w- c:\users\Trifon\AppData\Local\Disc_Soft_Ltd
2017-02-24 16:51 . 2017-02-24 16:51 47672 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2017-02-24 16:50 . 2017-02-24 16:51 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2017-02-24 16:50 . 2017-03-21 07:19 -------- d-----w- c:\users\Trifon\AppData\Roaming\DAEMON Tools Lite
2017-02-24 16:49 . 2017-02-24 16:49 -------- d-----w- c:\programdata\DAEMON Tools Lite
2017-02-23 07:34 . 2017-02-23 07:34 26935040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2017-02-23 07:34 . 2017-02-23 07:34 133595904 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2017-02-23 07:29 . 2017-02-23 07:29 37548288 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2017-02-23 07:29 . 2017-02-23 07:29 133595904 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-18 11:42 . 2015-10-10 19:53 337592 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-03-18 11:42 . 2015-10-10 19:53 548928 ----a-w- c:\windows\system32\drivers\aswsp.sys
2017-03-18 11:42 . 2015-10-10 19:53 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-03-18 11:42 . 2015-10-10 19:53 162528 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-03-18 11:42 . 2015-10-10 19:53 126600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-03-18 11:42 . 2015-10-10 19:53 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-03-18 11:42 . 2015-10-10 19:53 100640 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-03-18 11:42 . 2015-11-10 17:47 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-03-18 11:42 . 2015-10-10 19:53 993608 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-03-18 11:42 . 2016-02-14 12:46 461640 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2017-03-16 21:08 . 2015-10-12 07:44 138634176 -c--a-w- c:\windows\system32\MRT.exe
2017-02-24 16:50 . 2015-10-10 19:46 394296 ----a-w- c:\windows\system32\drivers\sptd.sys
2017-02-09 16:32 . 2017-03-16 16:06 345600 ----a-w- c:\windows\system32\schannel.dll
2017-02-09 16:32 . 2017-03-16 16:06 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-02-09 16:14 . 2017-03-16 16:06 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-02-09 16:14 . 2017-03-16 16:06 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-02-09 16:14 . 2017-03-16 16:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-23 07:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-23 07:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-23 07:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="d:\deamon tools\DAEMON Tools Lite\DTAgent.exe" [2017-02-07 4701888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-08-25 293872]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-03-18 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2015/10/10 21:44];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;d:\deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;d:\deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-06 19:36 1368920 ----a-w- c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-23 07:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-23 07:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-23 07:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-18 11:42 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-18 11:42 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-10-22 7203032]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-01-29 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-01-29 1514528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 217.23.254.124 217.23.254.125
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-03-21 17:01:41
ComboFix-quarantined-files.txt 2017-03-21 16:01
.
Pre-Run: 109 765 058 560 bytes free
Post-Run: 109 231 550 464 bytes free
.
- - End Of File - - 2A4AE54DA5C50116253BDD4F4DEB4D58
C925F0CB3A47C4DEA27DB7B20C7F30FE





ComboFix 17-03-21.01 - Trifon . 03. 2017 17:09:11.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.8131.6213 [GMT 1:00]
Running from: c:\users\Trifon\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Enabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2017-02-21 to 2017-03-21 )))))))))))))))))))))))))))))))
.
.
2017-03-21 16:12 . 2017-03-21 16:12 -------- d-----w- C:\$AV_ASW
2017-03-21 16:11 . 2017-03-21 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-21 07:34 . 2017-03-21 07:34 -------- d-----w- c:\programdata\SWCUTemp
2017-03-21 07:23 . 2017-03-21 07:24 -------- d-----w- C:\AdwCleaner
2017-03-18 11:42 . 2017-03-18 11:42 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-03-18 11:42 . 2017-03-18 11:42 334600 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-03-18 11:42 . 2017-03-18 11:42 309272 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-03-18 11:42 . 2017-03-18 11:42 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-03-18 11:42 . 2017-03-18 11:42 398408 ----a-w- c:\windows\system32\aswBoot.exe
2017-03-18 11:42 . 2017-03-18 11:42 29432 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
2017-03-11 13:12 . 2017-03-11 13:12 -------- d-----w- c:\users\Trifon\AppData\Roaming\Ponscripter
2017-02-25 16:23 . 2017-02-25 16:23 3310840 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1051\MSOINTL.DLL
2017-02-24 16:58 . 2017-02-24 16:58 -------- d-----w- c:\users\Trifon\AppData\Local\Disc_Soft_Ltd
2017-02-24 16:51 . 2017-02-24 16:51 47672 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2017-02-24 16:50 . 2017-02-24 16:51 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2017-02-24 16:50 . 2017-03-21 07:19 -------- d-----w- c:\users\Trifon\AppData\Roaming\DAEMON Tools Lite
2017-02-24 16:49 . 2017-02-24 16:49 -------- d-----w- c:\programdata\DAEMON Tools Lite
2017-02-23 07:34 . 2017-02-23 07:34 26935040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2017-02-23 07:34 . 2017-02-23 07:34 133595904 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2017-02-23 07:29 . 2017-02-23 07:29 37548288 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2017-02-23 07:29 . 2017-02-23 07:29 133595904 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-18 11:42 . 2015-10-10 19:53 337592 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-03-18 11:42 . 2015-10-10 19:53 548928 ----a-w- c:\windows\system32\drivers\aswsp.sys
2017-03-18 11:42 . 2015-10-10 19:53 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-03-18 11:42 . 2015-10-10 19:53 162528 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-03-18 11:42 . 2015-10-10 19:53 126600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-03-18 11:42 . 2015-10-10 19:53 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-03-18 11:42 . 2015-10-10 19:53 100640 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-03-18 11:42 . 2015-11-10 17:47 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-03-18 11:42 . 2015-10-10 19:53 993608 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-03-18 11:42 . 2016-02-14 12:46 461640 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2017-03-16 21:08 . 2015-10-12 07:44 138634176 -c--a-w- c:\windows\system32\MRT.exe
2017-02-24 16:50 . 2015-10-10 19:46 394296 ----a-w- c:\windows\system32\drivers\sptd.sys
2017-02-09 16:32 . 2017-03-16 16:06 345600 ----a-w- c:\windows\system32\schannel.dll
2017-02-09 16:32 . 2017-03-16 16:06 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-02-09 16:14 . 2017-03-16 16:06 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-02-09 16:14 . 2017-03-16 16:06 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-02-09 16:14 . 2017-03-16 16:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-23 07:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-23 07:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-23 07:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="d:\deamon tools\DAEMON Tools Lite\DTAgent.exe" [2017-02-07 4701888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-08-25 293872]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-03-18 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;d:\deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;d:\deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-06 19:36 1368920 ----a-w- c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-23 07:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-23 07:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-23 07:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-18 11:42 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-18 11:42 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-10-22 7203032]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-01-29 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-01-29 1514528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 217.23.254.124 217.23.254.125
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-03-21 17:13:07
ComboFix-quarantined-files.txt 2017-03-21 16:13
ComboFix2.txt 2017-03-21 16:01
.
Pre-Run: 109 293 969 408 bytes free
Post-Run: 108 997 304 320 bytes free
.
- - End Of File - - D8C543268D090D33C5208F6699BCA302
C925F0CB3A47C4DEA27DB7B20C7F30FE

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jak se PC chová.

Vypadá to v poriadku ale v systemových hlaseniach mi ukazuje že "Služba Centrum zabezpečenia systemu Windows" je vypnutá a ked ho chcme zapnuť znova tak mi ukzauje že sa nedá spustiť

Slovak píše:Vypadá to v poriadku ale v systemových hlaseniach mi ukazuje že "Služba Centrum zabezpečenia systemu Windows" je vypnutá a ked ho chcme zapnuť znova tak mi ukzauje že sa nedá spustiť

Stiskni klávesy Windows + R do okna Spustit >> napiš - services.msc >> Enter. Najdi službu :

Centrum zabezpečení

dvojklikem se otevře karta kde službu spusť tlačítkem Spustit a mrkni zda je nastaveno Typ spouštění na Automaticky (Zpožděné spouštění) a klik na OK.

Nebo případně po označení řádku a vlevo nahoře klinutím na Restartovat službu restartuj.

Už to je zapnuté, bolo ho treba reštartovať. Ďakujem za pomoc

Slovak píše:Ďakujem za pomoc

Není zač a