VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Vypíná se prohlížeč, restartuje se PC

https://forum.viry.cz:443/viewtopic.php?t=151987

Stránka 1 z 1

Vypíná se prohlížeč, restartuje se PC

Napsal: 27 dub 2017 19:00
od Kalashnikow88
Logfile of random's system information tool 1.14 (written by random/random)
Run by Radek at 2017-04-27 19:50:00
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 35 GB (24%) free of 145 GB
Total RAM: 3993 MB (49% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:50:03, on 27.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Bluestacks\HD-Agent.exe
C:\Users\Radek\AppData\Local\Viber\Viber.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files\trend micro\Radek_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ourluckysites.com/?type=hp&t ... X91E5B1P2B
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ourluckysites.com/?type=hp&t ... X91E5B1P2B
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ourluckysites.com/?type=hp&t ... X91E5B1P2B
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.ourluckysites.com/search/?ty ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ourluckysites.com/search/?ty ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ourluckysites.com/?type=hp&t ... X91E5B1P2B
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Viber] "C:\Users\Radek\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B3B6E01C1938511DBEAEB814D5F967BC] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_A48A36EBB8FD98192D8AFD811E8C3FA1] "C:\Program Files (x86)\Everness\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EmbassyService - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Update Service(FirefoxU) (FirefoxU) - Unknown owner - C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\SysWOW64\srvany.exe
O23 - Service: Dell PBA x64 Service (PbaDrvSvc_x64) - Dell, Inc. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SI TSS v1.2.1.41 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WvPCR - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 15418 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Common Files\SPBA\upeksvr.exe"
C:\Windows\system32\WLANExt.exe 30613520
\??\C:\Windows\system32\conhost.exe "971931801-281220435-298421090-18760290011594609494-386112567-19321999021160371990
C:\Windows\System32\spoolsv.exe
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe"
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe"
"C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
C:\Windows\system32\o2flash.exe
"C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
"C:\Windows\System32\igfxtray.exe"
C:\Windows\SysWOW64\srvany.exe
C:\Windows\sysWOW64\SDIOAssist.exe
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe"
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe"
"C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Program Files (x86)\Bluestacks\HD-Agent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
"C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe"
"C:\Users\Radek\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
C:\Windows\System32\alg.exe
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0ea44ac3-76c6-4130-b236-42bad251e070 -SystemEventPortName:HostProcess-fa8c47a1-57e1-499b-a244-6c24cf98f490 -IoCancelEventPortName:HostProcess-35f2f532-90e9-4a2a-9aeb-07d9506b468c -NonStateChangingEventPortName:HostProcess-38830570-6ccc-426a-9157-9a434af5a5ba -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:af02de16-16d0-48e5-8b90-e8917a804c8e -DeviceGroupId:
C:\Windows\SysWOW64\svchost.exe -k WerrSvcGroup
C:\Windows\SysWOW64\rundll32.exe
"C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe"
C:\Windows\SysWOW64\ctfmon.exe
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\svchost.exe -k WinSAPSvc
C:\Windows\System32\svchost.exe -k SNARE
C:\Windows\SysWOW64\svchost.exe -k Kitty -s
C:\Windows\system32\taskeng.exe
"C:\Program Files (x86)\Everness\Application\chrome.exe"
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=watcher --main-thread-id=7944 --on-initialized-event-handle=340 --parent-handle=352 /prefetch:6
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=gpu-process --field-trial-handle=1148 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,18,19,20,23,41,61,74 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.3040 --gpu-driver-date=2-22-2013 --service-request-channel-token=00F55BFFD7B062FD2766FA6611FF8973 --mojo-platform-channel-handle=1160 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1148 --primordial-pipe-token=E39C0AA89A3096A4EF6F71C5490273C3 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=E39C0AA89A3096A4EF6F71C5490273C3 --renderer-client-id=4 --mojo-platform-channel-handle=2132 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1148 --primordial-pipe-token=579FBF1D35E9E3E4958870DF1772BC07 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=579FBF1D35E9E3E4958870DF1772BC07 --renderer-client-id=5 --mojo-platform-channel-handle=2036 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1148 --primordial-pipe-token=9D0CD292E9808EACC599317A2AC98696 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=9D0CD292E9808EACC599317A2AC98696 --renderer-client-id=10 --mojo-platform-channel-handle=4120 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1148 --primordial-pipe-token=31590BACEECE048F7CDF5BB9EE60F697 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=31590BACEECE048F7CDF5BB9EE60F697 --renderer-client-id=8 --mojo-platform-channel-handle=4456 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1148 --primordial-pipe-token=6DDE8BD75F9011B3298561B73541CF62 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=6DDE8BD75F9011B3298561B73541CF62 --renderer-client-id=13 --mojo-platform-channel-handle=5244 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1148 --primordial-pipe-token=E30FDF79606B24B37952C977F6E61EA8 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=E30FDF79606B24B37952C977F6E61EA8 --renderer-client-id=9 --mojo-platform-channel-handle=6024 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1148 --primordial-pipe-token=116A9600954C494D48ED313D543F0848 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=116A9600954C494D48ED313D543F0848 --renderer-client-id=16 --mojo-platform-channel-handle=6164 /prefetch:1
"C:\Users\Radek\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Radek-PC-Radek - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\Awisjipy - "msiexec" /i HtTp://d2buh1bf1g584w.cloudfront.net/ms ... v=20170312 /q
C:\Windows\system32\tasks\CorelUpdateHelperTask - C:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume
C:\Windows\system32\tasks\CorelUpdateHelperTaskCore - c:\Program Files (x86)\Corel\CUH\v2\CUH.exe /t
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Joseck Helper - "C:\Program Files (x86)\Jerjers\hoquther.exe" 4920c815-5ad9-4e5b-af8e-4f40dc5cba6f
C:\Windows\system32\tasks\Milimili - "C:\Program Files (x86)\MIO\MIO.exe" -bindurl http://api.suibianmaimaicom.com/toshiba ... 5b1p2b.dat cmd=
C:\Windows\system32\tasks\Samsung Update - msiexec /i hTtP://D2Buh1bF1G584W.CLouDfRoNT.net/mm ... d=20170426 /q
C:\Windows\system32\tasks\Windows-PG - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\windows\psgo\psgo.ps1
C:\Windows\system32\tasks\WSCEAA - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe -schedule
C:\Windows\system32\tasks\{11C1075B-6CF3-4A17-9521-D064B25C2678} - C:\Users\Radek\AppData\Local\Viber\Viber.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-330345402-810464471-2490009223-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.ourluckysites.com/search/?ty ... earchTerms}


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.ourluckysites.com/search/?ty ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2017-04-18 189288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2017-04-18 160192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FreeFallProtection"=C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [2012-09-05 686744]
"IntelPROSet"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2013-07-17 4791024]
"IntelWirelessWiMAX"=C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [2010-11-14 1605632]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-03-14 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-03-14 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-03-14 442352]
"TdmNotify"=C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [2013-03-05 371024]
"DellAccessSystray"=C:\Program Files\Dell\Dell Data Protection\Access\DellAccessSysTray.exe [2013-03-11 101720]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2016-12-14 2776528]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-04 213824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"BlueStacks Agent"=C:\Program Files (x86)\Bluestacks\HD-Agent.exe [2016-08-11 978456]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2016-10-06 4557504]
"Viber"=C:\Users\Radek\AppData\Local\Viber\Viber.exe [2017-04-17 30676560]
"GoogleChromeAutoLaunch_B3B6E01C1938511DBEAEB814D5F967BC"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2017-04-19 1144664]
"GoogleChromeAutoLaunch_A48A36EBB8FD98192D8AFD811E8C3FA1"=C:\Program Files (x86)\Everness\Application\chrome.exe [2017-03-09 941912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2012-08-17 2307944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2CD4F1CA-0597-11E7-9A3A-64006A5CFC35}"=C:\Users\Radek\AppData\Roaming\Gijerwardarement\Ckonagetoperght.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-04-27 19:07:47 ----D---- C:\Users\Radek\AppData\Roaming\Firefox
2017-04-27 19:07:30 ----AD---- C:\Program Files (x86)\Firefox
2017-04-27 19:07:16 ----D---- C:\Program Files (x86)\Everness
2017-04-26 19:18:21 ----D---- C:\Windows\psgo
2017-04-26 19:18:21 ----D---- C:\Program Files (x86)\MIO
2017-04-26 19:18:11 ----D---- C:\Users\Radek\AppData\Roaming\WinSAPSvc
2017-04-26 19:16:20 ----D---- C:\Program Files\MK
2017-04-26 19:16:17 ----D---- C:\Program Files (x86)\Jerjers
2017-04-26 19:16:15 ----D---- C:\Insist
2017-04-26 19:06:38 ----D---- C:\ProgramData\SWCUTemp
2017-04-12 20:37:13 ----D---- C:\Mobil DOOGEE
2017-04-11 20:12:39 ----A---- C:\Windows\system32\mshtml.dll
2017-04-11 20:12:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-11 20:12:36 ----A---- C:\Windows\system32\ieframe.dll
2017-04-11 20:12:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-11 20:12:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-11 20:12:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-11 20:12:34 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-11 20:12:34 ----A---- C:\Windows\system32\wininet.dll
2017-04-11 20:12:34 ----A---- C:\Windows\system32\iertutil.dll
2017-04-11 20:12:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-11 20:12:33 ----A---- C:\Windows\system32\win32k.sys
2017-04-11 20:12:33 ----A---- C:\Windows\system32\ole32.dll
2017-04-11 20:12:32 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-11 20:12:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\wucltux.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\wuapi.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\win32spl.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\urlmon.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\samsrv.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\quartz.dll
2017-04-11 20:12:31 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-11 20:12:31 ----A---- C:\Windows\system32\gdi32.dll
2017-04-11 20:12:31 ----A---- C:\Windows\system32\cdosys.dll
2017-04-11 20:12:31 ----A---- C:\Windows\system32\atmfd.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-11 20:12:29 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-11 20:12:29 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\jscript.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-11 20:12:27 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-11 20:12:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-11 20:12:26 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-11 20:12:26 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\samlib.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\ntdll.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\jscript9.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-11 20:12:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-11 20:12:26 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\wups2.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\wups.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\webcheck.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\vbscript.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\srcore.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-11 20:12:25 ----A---- C:\Windows\system32\certcli.dll
2017-04-11 20:12:24 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-11 20:12:24 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-11 20:12:24 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\wudriver.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-11 20:12:24 ----A---- C:\Windows\system32\srclient.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\ieui.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-11 20:12:23 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\smss.exe
2017-04-11 20:12:23 ----A---- C:\Windows\system32\rstrui.exe
2017-04-11 20:12:23 ----A---- C:\Windows\system32\msrating.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\kernel32.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\kerberos.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\advapi32.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wuapp.exe
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wow64win.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wow64.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\winsrv.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wdigest.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\sspicli.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\schannel.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\occache.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-11 20:12:22 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\inseng.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-11 20:12:22 ----A---- C:\Windows\system32\iesetup.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-11 20:12:22 ----A---- C:\Windows\system32\conhost.exe
2017-04-11 20:12:22 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\lsass.exe
2017-04-11 20:12:21 ----A---- C:\Windows\system32\lpk.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\iernonce.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-11 20:12:21 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-11 20:12:21 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-11 20:12:21 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\cdd.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\tzres.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\secur32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\fontsub.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\dciman32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\credssp.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\auditpol.exe
2017-04-11 20:12:20 ----A---- C:\Windows\system32\atmlib.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-11 20:12:20 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-11 20:12:20 ----A---- C:\Windows\system32\appidapi.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\adtschema.dll
2017-04-11 20:12:19 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-11 20:12:19 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-11 20:12:19 ----A---- C:\Windows\system32\msobjs.dll
2017-04-11 20:12:19 ----A---- C:\Windows\system32\msaudite.dll
2017-04-11 20:12:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-09 21:16:37 ----D---- C:\Program Files (x86)\Haali
2017-04-09 21:12:47 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2017-04-09 21:12:46 ----D---- C:\Program Files (x86)\ffdshow
2017-04-09 20:56:32 ----D---- C:\Users\Radek\AppData\Roaming\dvdcss
2017-04-04 17:21:32 ----A---- C:\Windows\system32\aswBoot.exe

======List of files/folders modified in the last 1 month======

2017-04-27 19:50:02 ----D---- C:\Program Files\trend micro
2017-04-27 19:50:00 ----D---- C:\rsit
2017-04-27 19:49:27 ----D---- C:\Windows\system32\Tasks
2017-04-27 19:48:02 ----SHD---- C:\Windows\Installer
2017-04-27 19:48:02 ----SHD---- C:\Config.Msi
2017-04-27 19:48:02 ----RD---- C:\Program Files (x86)
2017-04-27 19:48:02 ----D---- C:\Windows\Temp
2017-04-27 19:09:40 ----D---- C:\Windows\SysWOW64
2017-04-27 19:07:50 ----D---- C:\Users\Radek\AppData\Roaming\Mozilla
2017-04-27 19:07:24 ----D---- C:\ProgramData\Apple
2017-04-27 19:04:25 ----D---- C:\Windows\system32\drivers
2017-04-27 17:32:35 ----D---- C:\Windows\system32\config
2017-04-27 17:21:11 ----D---- C:\Windows\System32
2017-04-27 17:21:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-27 17:21:10 ----D---- C:\Windows\inf
2017-04-27 17:17:14 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-27 17:16:55 ----D---- C:\Users\Radek\AppData\Roaming\ViberPC
2017-04-26 19:18:21 ----D---- C:\Windows
2017-04-26 19:16:20 ----RD---- C:\Program Files
2017-04-26 19:06:55 ----D---- C:\Windows\Prefetch
2017-04-26 19:06:38 ----HD---- C:\ProgramData
2017-04-23 19:12:45 ----D---- C:\Program Files (x86)\Common Files
2017-04-23 18:49:31 ----D---- C:\Program Files (x86)\McAfee
2017-04-19 19:26:26 ----HD---- C:\Windows\system32\WLANProfiles
2017-04-13 22:45:22 ----D---- C:\Windows\rescache
2017-04-12 22:37:40 ----D---- C:\Windows\Microsoft.NET
2017-04-12 21:04:24 ----RSD---- C:\Windows\assembly
2017-04-12 20:30:06 ----D---- C:\Windows\winsxs
2017-04-12 20:25:51 ----D---- C:\Program Files\Internet Explorer
2017-04-12 20:25:50 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-12 20:25:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-12 20:25:48 ----D---- C:\Windows\system32\cs-CZ
2017-04-12 20:25:47 ----D---- C:\Windows\system32\en-US
2017-04-12 20:25:43 ----D---- C:\Windows\AppPatch
2017-04-12 20:25:43 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-12 20:25:41 ----D---- C:\Windows\system32\Boot
2017-04-11 22:14:43 ----D---- C:\ProgramData\Microsoft Help
2017-04-11 22:09:56 ----D---- C:\Windows\system32\MRT
2017-04-11 22:05:20 ----AC---- C:\Windows\system32\MRT.exe
2017-04-11 22:01:35 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-11 21:58:31 ----SHD---- C:\System Volume Information
2017-04-11 20:07:14 ----D---- C:\Windows\system32\catroot2
2017-04-11 19:51:09 ----D---- C:\Windows\system32\NDF
2017-03-29 18:33:18 ----D---- C:\Windows\system32\wdi

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-04 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-04 334088]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-04 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-04 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-04 339696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-12-04 213888]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 22128]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-04 307736]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-04 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-04 1005048]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-04 556784]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-12-04 514560]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Windows\system32\drivers\mbae64.sys [2017-04-19 77440]
R1 QuickCryptoOTFE;QuickCryptoOTFE; C:\Windows\system32\DRIVERS\QuickCryptoOTFE-x64.sys [2013-11-23 233648]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-04 127112]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-04 164064]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [2017-01-12 176064]
R3 Acceler;Accelerometer Service; C:\Windows\system32\DRIVERS\accelern.sys [2012-05-23 27760]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator; C:\Windows\system32\DRIVERS\bpenum.sys [2010-10-25 75264]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2016-05-28 349736]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2016-05-28 107560]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2016-05-28 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2016-05-28 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2016-05-28 21416]
R3 dcdbas;System Management Driver; C:\Windows\system32\DRIVERS\dcdbas64.sys [2012-09-23 39016]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-11-10 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-11-10 47672]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-02-22 5358016]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-02-27 342528]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-04-27 251832]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-01-23 57376]
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-06-06 46240]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwsw00.sys [2013-05-29 11524096]
R3 O2MDRRDR;O2MDRRDR; C:\Windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
R3 O2SDJRDR;O2SDJRDR; C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [2011-11-14 84712]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-04 38296]
S3 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [2016-08-11 152672]
S3 BstkDrv;BlueStacks Plus Hypervisor; \??\C:\Program Files (x86)\Bluestacks\BstkDrv.sys [2016-07-28 307768]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [2012-12-04 71168]
S3 MBAMFarflt;MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [2017-01-24 102856]
S3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [2017-01-24 43968]
S3 MBAMWebProtection;MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [2017-01-24 81696]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-12-04 165888]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2012-12-04 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2012-12-04 109056]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2012-12-04 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-12-04 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\DRIVERS\TsUsbGD.sys [2012-12-04 31232]
S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [2012-12-04 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2012-12-04 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [2016-08-11 425496]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-10-27 957216]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
R2 EmbassyService;EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2013-03-11 231792]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2013-07-17 626416]
R2 Kitty;Kitty; C:\Windows\syswow64\svchost.exe [2009-07-14 20992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-01-23 327672]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2016-12-14 4317648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2017-04-18 188264]
R2 O2FLASH;O2FLASH; C:\Windows\system32\o2flash.exe [2011-11-16 244328]
R2 O2SDIOAssist;O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [2003-04-19 8192]
R2 PbaDrvSvc_x64;Dell PBA x64 Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [2013-01-21 21504]
R2 PSI_SVC_2;Corel License Validation Service V2, Powered by arvato; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 277360]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2013-07-17 149744]
R2 SNARE;SNARE; C:\Windows\System32\svchost.exe -k SNARE;"ServiceDll"=C:\Users\Radek\AppData\Local\SNARE\Snare.dll
R2 TdmService;TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2013-03-05 5159760]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-01-23 2595832]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2013-02-26 1773056]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2016-10-06 1468608]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S2 AppleCloudSvc;Apple Cloud Service; %SystemRoot%\System32\svchost.exe -k WerrSvcGroup;"ServiceDll"=C:\ProgramData\Apple\Common\Cloud\WinHelper.dll
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-04 261712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 FirefoxU;Update Service(FirefoxU); C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [2017-04-27 108208]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-10 153752]
S2 tcsd_win32.exe;SI TSS v1.2.1.41 TCS; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [2012-05-11 1643520]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-04 7398336]
S3 BstHdAndroidSvc;BlueStacks Android Service ; C:\Program Files (x86)\Bluestacks\HD-Service.exe [2016-08-11 445976]
S3 BstHdPlusAndroidSvc;BlueStacks Plus Android Service ; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [2016-08-11 462360]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-03-14 279024]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2017-03-12 1484080]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2017-03-12 1074480]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-10 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-07-17 273136]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 SecureStorageService;SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2013-02-01 2215272]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2017-03-12 79360]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\system32\storsvc.dll
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-05-31 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]

-----------------EOF-----------------

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 27 dub 2017 19:53
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 17:58
od Kalashnikow88
# AdwCleaner v6.046 - Log vytvořen 28/04/2017 v 18:52:46
# Aktualizováno dne 24/04/2017 z Malwarebytes
# Databáze : 2017-04-25.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Radek - RADEK-PC
# Spuštěno z : C:\Users\Radek\Desktop\adwcleaner_6.046.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: FirefoxU
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: SNARE
[-] Služba smazána: Kitty


***** [ Složky ] *****

[-] Složka smazána: C:\Users\Radek\AppData\Roaming\WinSAPSvc
[-] Složka smazána: C:\Program Files (x86)\Joseck Helper
[-] Složka smazána: C:\Program Files (x86)\Firefox
[-] Složka smazána: C:\Users\Radek\AppData\Roaming\Firefox
[-] Složka smazána: C:\Users\Radek\AppData\Local\Firefox
[#] Složka smazána po restartu: C:\Users\Radek\AppData\Local\SNARE
[-] Složka smazána: C:\Users\Radek\AppData\Local\Kitty


***** [ Soubory ] *****

[-] Soubor smazán: C:\TOSTACK
[-] Soubor smazán: C:\Users\Radek\AppData\Roaming\Installer.dat
[-] Soubor smazán: C:\Users\Radek\AppData\Roaming\Main.dat
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce vyléčen: C:\Users\Radek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce vyléčen: C:\Users\Radek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Awisjipy
[-] Úloha smazána: Samsung Update
[-] Úloha smazána: Milimili
[-] Úloha smazána: Joseck Helper
[-] Úloha smazána: Windows-PG


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[-] Klíč smazán: HKU\.DEFAULT\Software\jhdbca
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\jhdbca
[-] Klíč smazán: HKLM\SOFTWARE\trotuxSoftware
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\jhdbca
[-] Klíč smazán: HKLM\SOFTWARE\msServer
[-] Klíč smazán: HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
[-] Klíč smazán: HKLM\SOFTWARE\ourluckysitesSoftware
[-] Klíč smazán: [x64] HKLM\SOFTWARE\jhdbca
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data obnovena: HKU\S-1-5-21-330345402-810464471-2490009223-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKU\S-1-5-21-330345402-810464471-2490009223-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Klíč smazán: HKU\S-1-5-21-330345402-810464471-2490009223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKU\S-1-5-21-330345402-810464471-2490009223-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Data obnovena: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Klíč smazán: HKCU\SOFTWARE\Classes\ChromeHTML


***** [ Prohlížeče ] *****

[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Smazáno: yessearches
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Smazáno: yessearches.com
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Smazáno: piesearch.com
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Smazáno: trotux
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Smazáno: hxxp://www.yessearches.com/?mode=nnnb&ptid=dam ... C34oCHEsA0..
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Smazáno: hxxp://www.trotux.com/?z=0bc2511fbc13bf25d0b87 ... 2B&type=hp
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Smazáno: mppnoffgpafgpgbaigljliadgbnhljfl
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Smazáno: nafaimnnclfjfedmmabolbppcngeolgf
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [homepage] Smazáno: hxxp://www.yessearches.com/?mode=nnnb&ptid=dam ... C34oCHEsA0..


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7742 Bajty] - [28/04/2017 18:52:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [10044 Bajty] - [28/04/2017 18:49:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7889 Bajty] ##########

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 18:19
od Rudy
Dejte nový log RSIT.

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 18:32
od Kalashnikow88
Logfile of random's system information tool 1.14 (written by random/random)
Run by Radek at 2017-04-28 19:31:24
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 34 GB (24%) free of 145 GB
Total RAM: 3993 MB (23% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:31:29, on 28.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Bluestacks\HD-Agent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Users\Radek\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files (x86)\Everness\Application\chrome.exe
C:\Program Files\trend micro\Radek_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Viber] "C:\Users\Radek\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B3B6E01C1938511DBEAEB814D5F967BC] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_A48A36EBB8FD98192D8AFD811E8C3FA1] "C:\Program Files (x86)\Everness\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EmbassyService - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\SysWOW64\srvany.exe
O23 - Service: Dell PBA x64 Service (PbaDrvSvc_x64) - Dell, Inc. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SI TSS v1.2.1.41 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WvPCR - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 14229 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Common Files\SPBA\upeksvr.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 28635104
\??\C:\Windows\system32\conhost.exe "174973917215274341502099520665877378336-19416313911754595090-10005936391347654510
C:\Windows\System32\spoolsv.exe
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe"
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe"
C:\Windows\system32\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe"
C:\Windows\sysWOW64\SDIOAssist.exe
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe"
"C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
C:\Windows\System32\alg.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
"C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe"
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Bluestacks\HD-Agent.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Program Files\AVAST Software\Avast\AvastUI.exe
"C:\Program Files (x86)\Everness\Application\chrome.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\Radek\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=watcher --main-thread-id=5300 --on-initialized-event-handle=340 --parent-handle=352 /prefetch:6
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=gpu-process --field-trial-handle=1104 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,18,19,20,23,41,61,74 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.3040 --gpu-driver-date=2-22-2013 --service-request-channel-token=094AC99A3A75C9B68B3926C14D22D388 --mojo-platform-channel-handle=1116 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=B61B5F539B9CAB2E259C1E325E055B9F --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=B61B5F539B9CAB2E259C1E325E055B9F --renderer-client-id=4 --mojo-platform-channel-handle=2760 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=9BCCCC35E581C8F0F1F92ABF301E1418 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=9BCCCC35E581C8F0F1F92ABF301E1418 --renderer-client-id=5 --mojo-platform-channel-handle=2376 /prefetch:1
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\SysWOW64\svchost.exe -k WerrSvcGroup
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=518AA66549A139B9E8E1E67A1D6C7764 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=518AA66549A139B9E8E1E67A1D6C7764 --renderer-client-id=16 --mojo-platform-channel-handle=4084 /prefetch:1
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=C4F13ADC5A7341A0F946BBF001A3A08B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=C4F13ADC5A7341A0F946BBF001A3A08B --renderer-client-id=37 --mojo-platform-channel-handle=5376 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=5CD64DB2BAE540E60F06B7349EB709D4 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=5CD64DB2BAE540E60F06B7349EB709D4 --renderer-client-id=40 --mojo-platform-channel-handle=4184 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=AD3510A046B5F9A5BCEC648EA5631021 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=AD3510A046B5F9A5BCEC648EA5631021 --renderer-client-id=56 --mojo-platform-channel-handle=6300 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=4CFCEC89DAC44BAB3F904F8833E53113 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=4CFCEC89DAC44BAB3F904F8833E53113 --renderer-client-id=63 --mojo-platform-channel-handle=7764 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=B6F5EDEAFEEB02A11F5403CA5463CB8C --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=B6F5EDEAFEEB02A11F5403CA5463CB8C --renderer-client-id=68 --mojo-platform-channel-handle=5744 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=ED5B8246EBAE0EB88021C151295D7BB4 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=ED5B8246EBAE0EB88021C151295D7BB4 --renderer-client-id=83 --mojo-platform-channel-handle=7756 /prefetch:1
"C:\Program Files (x86)\Everness\Application\chrome.exe" --type=renderer --field-trial-handle=1104 --primordial-pipe-token=D4940DD242FBAE8FCAF2763232A7F6A3 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-experimental-extension-apis --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=D4940DD242FBAE8FCAF2763232A7F6A3 --renderer-client-id=92 --mojo-platform-channel-handle=8228 /prefetch:1
"C:\Users\Radek\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Radek-PC-Radek - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CorelUpdateHelperTask - C:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume
C:\Windows\system32\tasks\CorelUpdateHelperTaskCore - c:\Program Files (x86)\Corel\CUH\v2\CUH.exe /t
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\WSCEAA - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe -schedule
C:\Windows\system32\tasks\{11C1075B-6CF3-4A17-9521-D064B25C2678} - C:\Users\Radek\AppData\Local\Viber\Viber.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-330345402-810464471-2490009223-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2017-04-18 189288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2017-04-18 160192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FreeFallProtection"=C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [2012-09-05 686744]
"IntelPROSet"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2013-07-17 4791024]
"IntelWirelessWiMAX"=C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [2010-11-14 1605632]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-03-14 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-03-14 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-03-14 442352]
"TdmNotify"=C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [2013-03-05 371024]
"DellAccessSystray"=C:\Program Files\Dell\Dell Data Protection\Access\DellAccessSysTray.exe [2013-03-11 101720]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2016-12-14 2776528]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-04 213824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"BlueStacks Agent"=C:\Program Files (x86)\Bluestacks\HD-Agent.exe [2016-08-11 978456]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2016-10-06 4557504]
"Viber"=C:\Users\Radek\AppData\Local\Viber\Viber.exe [2017-04-17 30676560]
"GoogleChromeAutoLaunch_B3B6E01C1938511DBEAEB814D5F967BC"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2017-04-19 1144664]
"GoogleChromeAutoLaunch_A48A36EBB8FD98192D8AFD811E8C3FA1"=C:\Program Files (x86)\Everness\Application\chrome.exe [2017-03-09 941912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2012-08-17 2307944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2CD4F1CA-0597-11E7-9A3A-64006A5CFC35}"=C:\Users\Radek\AppData\Roaming\Gijerwardarement\Ckonagetoperght.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-04-28 18:47:53 ----D---- C:\Alitkojck
2017-04-27 19:07:16 ----D---- C:\Program Files (x86)\Everness
2017-04-26 19:18:21 ----D---- C:\Windows\psgo
2017-04-26 19:18:21 ----D---- C:\Program Files (x86)\MIO
2017-04-26 19:16:20 ----D---- C:\Program Files\MK
2017-04-26 19:16:17 ----D---- C:\Program Files (x86)\Jerjers
2017-04-26 19:16:15 ----D---- C:\Insist
2017-04-26 19:06:38 ----D---- C:\ProgramData\SWCUTemp
2017-04-12 20:37:13 ----D---- C:\Mobil DOOGEE
2017-04-11 20:12:39 ----A---- C:\Windows\system32\mshtml.dll
2017-04-11 20:12:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-11 20:12:36 ----A---- C:\Windows\system32\ieframe.dll
2017-04-11 20:12:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-11 20:12:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-11 20:12:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-11 20:12:34 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-11 20:12:34 ----A---- C:\Windows\system32\wininet.dll
2017-04-11 20:12:34 ----A---- C:\Windows\system32\iertutil.dll
2017-04-11 20:12:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-11 20:12:33 ----A---- C:\Windows\system32\win32k.sys
2017-04-11 20:12:33 ----A---- C:\Windows\system32\ole32.dll
2017-04-11 20:12:32 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-11 20:12:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\wucltux.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\wuapi.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\win32spl.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\urlmon.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\samsrv.dll
2017-04-11 20:12:32 ----A---- C:\Windows\system32\quartz.dll
2017-04-11 20:12:31 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-11 20:12:31 ----A---- C:\Windows\system32\gdi32.dll
2017-04-11 20:12:31 ----A---- C:\Windows\system32\cdosys.dll
2017-04-11 20:12:31 ----A---- C:\Windows\system32\atmfd.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-11 20:12:30 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-11 20:12:29 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-11 20:12:29 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 20:12:29 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\jscript.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 20:12:28 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-11 20:12:27 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-11 20:12:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-11 20:12:26 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-11 20:12:26 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\samlib.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\ntdll.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\jscript9.dll
2017-04-11 20:12:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-11 20:12:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-11 20:12:26 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-11 20:12:25 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\wups2.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\wups.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\webcheck.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\vbscript.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\srcore.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-11 20:12:25 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-11 20:12:25 ----A---- C:\Windows\system32\certcli.dll
2017-04-11 20:12:24 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-11 20:12:24 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-11 20:12:24 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\wudriver.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-11 20:12:24 ----A---- C:\Windows\system32\srclient.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\ieui.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-11 20:12:24 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-11 20:12:23 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\smss.exe
2017-04-11 20:12:23 ----A---- C:\Windows\system32\rstrui.exe
2017-04-11 20:12:23 ----A---- C:\Windows\system32\msrating.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\kernel32.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\kerberos.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-11 20:12:23 ----A---- C:\Windows\system32\advapi32.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-11 20:12:22 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wuapp.exe
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wow64win.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wow64.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\winsrv.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\wdigest.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\sspicli.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\schannel.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\occache.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-11 20:12:22 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\inseng.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-11 20:12:22 ----A---- C:\Windows\system32\iesetup.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-11 20:12:22 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-11 20:12:22 ----A---- C:\Windows\system32\conhost.exe
2017-04-11 20:12:22 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-11 20:12:21 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\lsass.exe
2017-04-11 20:12:21 ----A---- C:\Windows\system32\lpk.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\iernonce.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-11 20:12:21 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-11 20:12:21 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-11 20:12:21 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-11 20:12:21 ----A---- C:\Windows\system32\cdd.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 20:12:20 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-11 20:12:20 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\tzres.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\secur32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\fontsub.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\dciman32.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\credssp.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\auditpol.exe
2017-04-11 20:12:20 ----A---- C:\Windows\system32\atmlib.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-11 20:12:20 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-11 20:12:20 ----A---- C:\Windows\system32\appidapi.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-11 20:12:20 ----A---- C:\Windows\system32\adtschema.dll
2017-04-11 20:12:19 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-11 20:12:19 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-11 20:12:19 ----A---- C:\Windows\system32\msobjs.dll
2017-04-11 20:12:19 ----A---- C:\Windows\system32\msaudite.dll
2017-04-11 20:12:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-09 21:16:37 ----D---- C:\Program Files (x86)\Haali
2017-04-09 21:12:47 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2017-04-09 21:12:46 ----D---- C:\Program Files (x86)\ffdshow
2017-04-09 20:56:32 ----D---- C:\Users\Radek\AppData\Roaming\dvdcss
2017-04-04 17:21:32 ----A---- C:\Windows\system32\aswBoot.exe

======List of files/folders modified in the last 1 month======

2017-04-28 19:31:26 ----D---- C:\Program Files\trend micro
2017-04-28 19:25:26 ----D---- C:\Windows\Temp
2017-04-28 19:25:04 ----D---- C:\Windows\system32\Tasks
2017-04-28 19:10:11 ----D---- C:\Windows\system32\config
2017-04-28 19:02:42 ----D---- C:\Windows\system32\drivers
2017-04-28 19:00:36 ----D---- C:\Windows\System32
2017-04-28 19:00:36 ----D---- C:\Windows\inf
2017-04-28 19:00:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-28 18:58:15 ----D---- C:\Users\Radek\AppData\Roaming\ViberPC
2017-04-28 18:57:28 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-28 18:54:15 ----SHD---- C:\Config.Msi
2017-04-28 18:52:46 ----D---- C:\AdwCleaner
2017-04-28 18:52:10 ----RD---- C:\Program Files (x86)
2017-04-28 18:48:15 ----SHD---- C:\Windows\Installer
2017-04-28 18:42:21 ----D---- C:\Windows\system32\NDF
2017-04-27 19:50:11 ----D---- C:\rsit
2017-04-27 19:09:40 ----D---- C:\Windows\SysWOW64
2017-04-27 19:07:50 ----D---- C:\Users\Radek\AppData\Roaming\Mozilla
2017-04-27 19:07:24 ----D---- C:\ProgramData\Apple
2017-04-26 19:18:21 ----D---- C:\Windows
2017-04-26 19:16:20 ----RD---- C:\Program Files
2017-04-26 19:06:55 ----D---- C:\Windows\Prefetch
2017-04-26 19:06:38 ----HD---- C:\ProgramData
2017-04-23 19:12:45 ----D---- C:\Program Files (x86)\Common Files
2017-04-23 18:49:31 ----D---- C:\Program Files (x86)\McAfee
2017-04-19 19:26:26 ----HD---- C:\Windows\system32\WLANProfiles
2017-04-13 22:45:22 ----D---- C:\Windows\rescache
2017-04-12 22:37:40 ----D---- C:\Windows\Microsoft.NET
2017-04-12 21:04:24 ----RSD---- C:\Windows\assembly
2017-04-12 20:30:06 ----D---- C:\Windows\winsxs
2017-04-12 20:25:51 ----D---- C:\Program Files\Internet Explorer
2017-04-12 20:25:50 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-12 20:25:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-12 20:25:48 ----D---- C:\Windows\system32\cs-CZ
2017-04-12 20:25:47 ----D---- C:\Windows\system32\en-US
2017-04-12 20:25:43 ----D---- C:\Windows\AppPatch
2017-04-12 20:25:43 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-12 20:25:41 ----D---- C:\Windows\system32\Boot
2017-04-11 22:14:43 ----D---- C:\ProgramData\Microsoft Help
2017-04-11 22:09:56 ----D---- C:\Windows\system32\MRT
2017-04-11 22:05:20 ----AC---- C:\Windows\system32\MRT.exe
2017-04-11 22:01:35 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-11 21:58:31 ----SHD---- C:\System Volume Information
2017-04-11 20:07:14 ----D---- C:\Windows\system32\catroot2
2017-03-29 18:33:18 ----D---- C:\Windows\system32\wdi

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-04 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-04 334088]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-04 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-04 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-04 339696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-12-04 213888]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 22128]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-04 307736]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-04 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-04 1005048]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-28 556784]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-12-04 514560]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Windows\system32\drivers\mbae64.sys [2017-04-19 77440]
R1 QuickCryptoOTFE;QuickCryptoOTFE; C:\Windows\system32\DRIVERS\QuickCryptoOTFE-x64.sys [2013-11-23 233648]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-28 128648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-04 164064]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [2017-01-12 176064]
R3 Acceler;Accelerometer Service; C:\Windows\system32\DRIVERS\accelern.sys [2012-05-23 27760]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator; C:\Windows\system32\DRIVERS\bpenum.sys [2010-10-25 75264]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2016-05-28 349736]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2016-05-28 107560]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2016-05-28 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2016-05-28 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2016-05-28 21416]
R3 dcdbas;System Management Driver; C:\Windows\system32\DRIVERS\dcdbas64.sys [2012-09-23 39016]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-11-10 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-11-10 47672]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-02-22 5358016]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-02-27 342528]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-04-28 251832]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-01-23 57376]
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-06-06 46240]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwsw00.sys [2013-05-29 11524096]
R3 O2MDRRDR;O2MDRRDR; C:\Windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
R3 O2SDJRDR;O2SDJRDR; C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [2011-11-14 84712]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-04 38296]
S3 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [2016-08-11 152672]
S3 BstkDrv;BlueStacks Plus Hypervisor; \??\C:\Program Files (x86)\Bluestacks\BstkDrv.sys [2016-07-28 307768]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [2012-12-04 71168]
S3 MBAMFarflt;MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [2017-01-24 102856]
S3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [2017-01-24 43968]
S3 MBAMWebProtection;MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [2017-01-24 81696]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-12-04 165888]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2012-12-04 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2012-12-04 109056]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2012-12-04 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-12-04 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\DRIVERS\TsUsbGD.sys [2012-12-04 31232]
S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [2012-12-04 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2012-12-04 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-04 261712]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [2016-08-11 425496]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-10-27 957216]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
R2 EmbassyService;EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2013-03-11 231792]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2013-07-17 626416]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-01-23 327672]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2016-12-14 4317648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2017-04-18 188264]
R2 O2FLASH;O2FLASH; C:\Windows\system32\o2flash.exe [2011-11-16 244328]
R2 O2SDIOAssist;O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [2003-04-19 8192]
R2 PbaDrvSvc_x64;Dell PBA x64 Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [2013-01-21 21504]
R2 PSI_SVC_2;Corel License Validation Service V2, Powered by arvato; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 277360]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2013-07-17 149744]
R2 TdmService;TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2013-03-05 5159760]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-01-23 2595832]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2013-02-26 1773056]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-04 7398336]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2016-10-06 1468608]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S2 AppleCloudSvc;Apple Cloud Service; %SystemRoot%\System32\svchost.exe -k WerrSvcGroup;"ServiceDll"=C:\ProgramData\Apple\Common\Cloud\WinHelper.dll
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-10 153752]
S2 tcsd_win32.exe;SI TSS v1.2.1.41 TCS; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [2012-05-11 1643520]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 BstHdAndroidSvc;BlueStacks Android Service ; C:\Program Files (x86)\Bluestacks\HD-Service.exe [2016-08-11 445976]
S3 BstHdPlusAndroidSvc;BlueStacks Plus Android Service ; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [2016-08-11 462360]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-03-14 279024]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2017-03-12 1484080]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2017-03-12 1074480]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-10 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-07-17 273136]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 SecureStorageService;SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2013-02-01 2215272]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2017-03-12 79360]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\system32\storsvc.dll
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-05-31 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]

-----------------EOF-----------------

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 19:11
od Rudy
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:files
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
C:\Program Files (x86)\Jerjers

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64

:commands
[Purity]
[Emptytemp]
[Emptyflash]
a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 19:38
od Kalashnikow88
All processes killed
========== FILES ==========
File/Folder C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore not found.
File/Folder C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA not found.
C:\Program Files (x86)\Jerjers\_ALLOWDEL_57c7950 folder moved successfully.
C:\Program Files (x86)\Jerjers\_ALLOWDEL_57c41fb folder moved successfully.
C:\Program Files (x86)\Jerjers folder moved successfully.
========== REGISTRY ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Radek
->Temp folder emptied: 178554895 bytes
->Temporary Internet Files folder emptied: 96476508 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41726559 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11817088 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 69269 bytes

Total Files Cleaned = 313,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Radek
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 04282017_201912

Files moved on Reboot...
C:\Users\Radek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Radek\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 19:56
od Rudy
Smazáno. Nastala nějaká změna?

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 19:57
od Kalashnikow88
zatim vsechno v poradku. dekuji moc. co bylo za problem prosim?

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 20:01
od Rudy
Byl tam troják. Dál už jen pár zbytečností. Smazali jsme.

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 20:02
od Kalashnikow88
Diky

Re: Vypíná se prohlížeč, restartuje se PC

Napsal: 28 dub 2017 21:01
od Rudy
Nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz