Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< first, then >Clean<.
The scan will run and a log will then appear; paste it here.

PC disinfection, PC speed-up, remote help through the neslape.cz service
check - keylogger/hw
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
On 5.9. - 7.9.2025 some of us will be at our forum team's annual meet-up. During this time you may have to wait somewhat longer for our reply. Thank you, and we apologize.
- Rudy
- Site Admin
- Posts: 119490
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: check - keylogger/hw
Once more the same. Run this utility:
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
Re: check - keylogger/hw
# AdwCleaner v6.042 - Log vytvořen 08/01/2017 v 18:05:04
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-06.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Haswell - HASWELL-PC
# Spuštěno z : C:\Users\Haswell\Downloads\adwcleaner_6.042.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
Nebyly nalezeny žádné škodlivé služby.
***** [ Složky ] *****
Nebyly nalezeny žádné škodlivé složky.
***** [ Soubory ] *****
Nebyly nalezeny žádné škodlivé soubory.
***** [ DLL ] *****
Nebyly nalezeny žádné škodlivé DLL.
***** [ WMI ] *****
Nebyly nalezeny žádné škodlivé klíče.
***** [ Zástupci ] *****
Žádný infikovaný zástupce nenalezen.
***** [ Naplánované úlohy ] *****
Žádná nebezpečná úloha nenalezena.
***** [ Registry ] *****
Nebyly nalezeny žádné škodlivé položky registru.
***** [ Internetové prohlížeče ] *****
Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [1386 Bajty] - [08/01/2017 18:05:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1459 Bajty] ##########
- Rudy
- Site Admin
- Posts: 119490
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: check - keylogger/hw
This is OK. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and paste the following into the left-hand window:
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Why are you running ComboFix, a professional utility intended only for professionals? A layperson can damage their system with it. In this case CF may have deleted all traces of any infection, and an RSIT log taken after its use is then inconclusive.
Re: check - keylogger/hw
Almost every time before I start typing, this character appears -> ¨
Logfile of random's system information tool 1.10 (written by random/random)
Run by Haswell at 2017-01-08 19:16:36
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 62 GB (51%) free of 122 GB
Total RAM: 8131 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:16:37, on 8.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal
Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
D:\Steam\Steam.exe
G:\uTorrent\uTorrent.exe
D:\Origin\Origin.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Origin\QtWebEngineProcess.exe
D:\Origin\QtWebEngineProcess.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Haswell.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "G:\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [EADM] "D:\Origin\Origin.exe" -AutoStart
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.hola.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{677885F4-F7EF-437C-A424-151D8DAEEC4D}: NameServer = 8.8.8.8,8.8.8.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{677885F4-F7EF-437C-A424-151D8DAEEC4D}: NameServer = 8.8.8.8,8.8.8.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{677885F4-F7EF-437C-A424-151D8DAEEC4D}: NameServer = 8.8.8.8,8.8.8.1
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - D:\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9508 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
C:\Windows\system32\IProsetMonitor.exe
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"taskhost.exe"
taskeng.exe {1C5F1AAD-7573-4E78-A8AD-B99D794A5AA8}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {A9FA4AAB-9BC0-4DD9-8F67-199502551D8B}
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1215584058-34288579-138449901964802962-1620895435-1596163932-9416271581990792374
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\01082017_191003.log
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 868 872 880 65536 876
"D:\Steam\Steam.exe" -silent
"G:\uTorrent\uTorrent.exe"
"D:\Origin\Origin.exe" -AutoStart
"C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
D:\Steam\bin\cef\cef.win7\steamwebhelper.exe "-cachedir=C:\Users\Haswell\AppData\Local\Steam\htmlcache" "-steampid=3212" "-buildid=1482202200" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
D:\Steam\bin\cef\cef.win7\steamwebhelper.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\Haswell\AppData\Local\Chromium\User Data\Crashpad" "--metrics-dir=C:\Users\Haswell\AppData\Local\Chromium\User Data" --annotation=channel= --annotation=plat=Win32 --annotation=prod= --annotation=ver=01.00.00.01-devel --handshake-handle=0x2e8
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
"D:\Origin\OriginWebHelperService.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"D:\Origin\QtWebEngineProcess.exe" --type=renderer --enable-threaded-compositing --no-sandbox --disable-databases --lang=en --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="1084.4.521417460\413935992" /prefetch:673131151
"D:\Origin\QtWebEngineProcess.exe" --type=renderer --enable-threaded-compositing --no-sandbox --lang=en --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="1084.8.738840572\882010733" /prefetch:673131151
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
consent.exe 716 364 0000000004BB6810
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Haswell\Desktop\junk\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Haswell\AppData\Roaming\Mozilla\Firefox\Profiles\xi4h5w5l.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-30 214216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-30 683808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30 2850608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-30 438048]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27 1610936]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-10-02 2398776]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-06-15 1767760]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2016-12-31 2776528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Steam\steam.exe [2016-12-20 2876704]
"uTorrent"=G:\uTorrent\uTorrent.exe [2015-08-23 328568]
"EADM"=D:\Origin\Origin.exe [2016-12-06 3044848]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2016-12-22 25779624]
C:\Users\Haswell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Poslat do aplikace OneNote.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x00000000
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - D:\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9508 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
C:\Windows\system32\IProsetMonitor.exe
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"taskhost.exe"
taskeng.exe {1C5F1AAD-7573-4E78-A8AD-B99D794A5AA8}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {A9FA4AAB-9BC0-4DD9-8F67-199502551D8B}
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1215584058-34288579-138449901964802962-1620895435-1596163932-9416271581990792374
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\01082017_191003.log
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 868 872 880 65536 876
"D:\Steam\Steam.exe" -silent
"G:\uTorrent\uTorrent.exe"
"D:\Origin\Origin.exe" -AutoStart
"C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
D:\Steam\bin\cef\cef.win7\steamwebhelper.exe "-cachedir=C:\Users\Haswell\AppData\Local\Steam\htmlcache" "-steampid=3212" "-buildid=1482202200" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
D:\Steam\bin\cef\cef.win7\steamwebhelper.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\Haswell\AppData\Local\Chromium\User Data\Crashpad" "--metrics-dir=C:\Users\Haswell\AppData\Local\Chromium\User Data" --annotation=channel= --annotation=plat=Win32 --annotation=prod= --annotation=ver=01.00.00.01-devel --handshake-handle=0x2e8
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
"D:\Origin\OriginWebHelperService.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"D:\Origin\QtWebEngineProcess.exe" --type=renderer --enable-threaded-compositing --no-sandbox --disable-databases --lang=en --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="1084.4.521417460\413935992" /prefetch:673131151
"D:\Origin\QtWebEngineProcess.exe" --type=renderer --enable-threaded-compositing --no-sandbox --lang=en --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="1084.8.738840572\882010733" /prefetch:673131151
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
consent.exe 716 364 0000000004BB6810
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Haswell\Desktop\junk\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Haswell\AppData\Roaming\Mozilla\Firefox\Profiles\xi4h5w5l.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-30 214216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-30 683808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30 2850608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-30 438048]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27 1610936]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-10-02 2398776]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-06-15 1767760]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2016-12-31 2776528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Steam\steam.exe [2016-12-20 2876704]
"uTorrent"=G:\uTorrent\uTorrent.exe [2015-08-23 328568]
"EADM"=D:\Origin\Origin.exe [2016-12-06 3044848]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2016-12-22 25779624]
C:\Users\Haswell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Poslat do aplikace OneNote.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x00000000
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2017-01-08 19:10:03 ----D---- C:\_OTM
2017-01-08 17:40:34 ----D---- C:\rsit
2017-01-08 17:40:34 ----D---- C:\Program Files\trend micro
2017-01-04 20:38:35 ----SHD---- C:\$RECYCLE.BIN
2017-01-04 20:38:26 ----A---- C:\ComboFix.txt
2017-01-04 20:27:04 ----A---- C:\Windows\zip.exe
2017-01-04 20:27:04 ----A---- C:\Windows\SWSC.exe
2017-01-04 20:27:04 ----A---- C:\Windows\SWREG.exe
2017-01-04 20:27:04 ----A---- C:\Windows\sed.exe
2017-01-04 20:27:04 ----A---- C:\Windows\PEV.exe
2017-01-04 20:27:04 ----A---- C:\Windows\NIRCMD.exe
2017-01-04 20:27:04 ----A---- C:\Windows\MBR.exe
2017-01-04 20:27:04 ----A---- C:\Windows\grep.exe
2017-01-04 20:25:04 ----D---- C:\Qoobox
2017-01-04 20:24:31 ----D---- C:\Windows\erdnt
2017-01-04 20:11:15 ----D---- C:\FRST
2017-01-04 19:56:15 ----D---- C:\AdwCleaner
2017-01-04 14:58:51 ----D---- C:\KVRT_Data
2016-12-31 10:52:58 ----A---- C:\Windows\system32\drivers\MBAMChameleon.sys
2016-12-31 10:52:42 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-12-31 10:52:42 ----A---- C:\Windows\system32\drivers\farflt.sys
2016-12-31 10:52:40 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-12-31 10:52:32 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-12-31 10:52:27 ----A---- C:\Windows\system32\drivers\mbae64.sys
2016-12-31 10:52:25 ----D---- C:\Program Files\Malwarebytes
2016-12-27 10:34:31 ----D---- C:\Users\Haswell\AppData\Roaming\NVIDIA
2016-12-21 19:15:36 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2016-12-21 19:15:36 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2016-12-21 19:15:36 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2016-12-21 19:15:36 ----A---- C:\Windows\system32\DbxSvc.exe
2016-12-14 23:08:31 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-12-14 23:08:31 ----A---- C:\Windows\system32\mshtml.dll
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\msi.dll
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2016-12-14 23:08:30 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\wintrust.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\winload.exe
2016-12-14 23:08:30 ----A---- C:\Windows\system32\wininet.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\win32k.sys
2016-12-14 23:08:30 ----A---- C:\Windows\system32\usp10.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\user32.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-12-14 23:08:30 ----A---- C:\Windows\system32\msi.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\jscript9.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\ieframe.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\iedkcs32.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\gdi32.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\drivers\cng.sys
2016-12-14 23:08:30 ----A---- C:\Windows\system32\crypt32.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\consent.exe
2016-12-14 23:08:30 ----A---- C:\Windows\system32\clfs.sys
2016-12-14 23:08:30 ----A---- C:\Windows\system32\bcrypt.dll
2016-12-14 23:08:30 ----A---- C:\Windows\system32\bcdedit.exe
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\usp10.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\user32.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\hlink.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\authui.dll
2016-12-14 23:08:29 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\wow64win.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\winsrv.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\webcheck.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\vbscript.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\urlmon.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\TSpkg.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\srcore.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\smss.exe
2016-12-14 23:08:29 ----A---- C:\Windows\system32\schannel.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\rpcrt4.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\occache.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\ntdll.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\nlsbres.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\ncrypt.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\msv1_0.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 23:08:29 ----A---- C:\Windows\system32\msrating.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\msihnd.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\msiexec.exe
2016-12-14 23:08:29 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\mshtmled.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\msfeeds.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\lsasrv.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\KernelBase.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\kernel32.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\kerberos.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\jsproxy.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\jscript9diag.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\jscript.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\inseng.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\ieUnatt.exe
2016-12-14 23:08:29 ----A---- C:\Windows\system32\ieui.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\iesetup.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\iertutil.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\ieapfltr.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\hlink.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\dxtrans.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\dxtmsft.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-12-14 23:08:29 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-12-14 23:08:29 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-12-14 23:08:29 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-12-14 23:08:29 ----A---- C:\Windows\system32\cryptsvc.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\cryptnet.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\certcli.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\authui.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\appinfo.dll
2016-12-14 23:08:29 ----A---- C:\Windows\system32\advapi32.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 23:08:28 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\user.exe
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-12-14 23:08:28 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\wow64cpu.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\wow64.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\wdigest.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\tzres.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\sspisrv.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\sspicli.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\srclient.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\secur32.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\rstrui.exe
2016-12-14 23:08:28 ----A---- C:\Windows\system32\rpchttp.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\ntvdm64.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\msobjs.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\msimsg.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\msaudite.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\lsass.exe
2016-12-14 23:08:28 ----A---- C:\Windows\system32\iernonce.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-12-14 23:08:28 ----A---- C:\Windows\system32\ie4uinit.exe
2016-12-14 23:08:28 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-12-14 23:08:28 ----A---- C:\Windows\system32\drivers\appid.sys
2016-12-14 23:08:28 ----A---- C:\Windows\system32\csrsrv.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\cryptbase.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\credssp.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\conhost.exe
2016-12-14 23:08:28 ----A---- C:\Windows\system32\auditpol.exe
2016-12-14 23:08:28 ----A---- C:\Windows\system32\appidsvc.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 23:08:28 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 23:08:28 ----A---- C:\Windows\system32\appidapi.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\apisetschema.dll
2016-12-14 23:08:28 ----A---- C:\Windows\system32\adtschema.dll
2016-12-11 19:47:34 ----D---- C:\Program Files\7-Zip
======List of files/folders modified in the last 1 month======
2017-01-08 19:16:37 ----D---- C:\Windows\Temp
2017-01-08 19:15:32 ----D---- C:\Users\Haswell\AppData\Roaming\Origin
2017-01-08 19:15:31 ----D---- C:\Users\Haswell\AppData\Roaming\uTorrent
2017-01-08 19:15:11 ----D---- C:\ProgramData\Origin
2017-01-08 19:13:21 ----D---- C:\Windows\system32\config
2017-01-08 19:13:17 ----D---- C:\Users\Haswell\AppData\Roaming\TS3Client
2017-01-08 17:40:34 ----RD---- C:\Program Files
2017-01-07 10:39:21 ----D---- C:\Program Files (x86)\Battle.net
2017-01-07 08:59:40 ----D---- C:\Windows\System32
2017-01-07 08:59:40 ----D---- C:\Windows\inf
2017-01-07 08:59:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-06 17:08:28 ----SHD---- C:\System Volume Information
2017-01-05 15:27:37 ----D---- C:\KMPlayer
2017-01-05 15:03:08 ----D---- C:\Users\Haswell\AppData\Roaming\avidemux
2017-01-04 20:35:48 ----D---- C:\Windows
2017-01-04 20:35:48 ----A---- C:\Windows\system.ini
2017-01-04 20:31:54 ----D---- C:\Windows\SYSWOW64\drivers
2017-01-04 20:31:54 ----D---- C:\Windows\SysWOW64
2017-01-04 20:31:54 ----D---- C:\Windows\AppPatch
2017-01-04 20:31:53 ----D---- C:\Program Files (x86)\Common Files
2017-01-04 20:25:06 ----D---- C:\Windows\system32\drivers
2017-01-04 20:24:26 ----A---- C:\Windows\SWXCACLS.exe
2017-01-04 20:02:10 ----RD---- C:\Program Files (x86)
2017-01-03 13:49:27 ----D---- C:\ProgramData\NVIDIA Corporation
2016-12-31 10:52:25 ----D---- C:\ProgramData\Malwarebytes
2016-12-22 07:04:17 ----D---- C:\Program Files (x86)\Dropbox
2016-12-21 20:25:29 ----D---- C:\Windows\system32\NDF
2016-12-16 23:09:19 ----SHD---- C:\Windows\Installer
2016-12-16 23:04:01 ----D---- C:\Windows\Tasks
2016-12-15 16:28:34 ----D---- C:\Windows\rescache
2016-12-15 15:58:56 ----D---- C:\Windows\Microsoft.NET
2016-12-15 15:58:06 ----RSD---- C:\Windows\assembly
2016-12-15 07:40:59 ----D---- C:\Windows\winsxs
2016-12-15 07:40:12 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 07:40:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-12-14 23:30:40 ----D---- C:\Windows\SYSWOW64\en-US
2016-12-14 23:30:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-12-14 23:30:40 ----D---- C:\Windows\system32\en-US
2016-12-14 23:30:40 ----D---- C:\Windows\system32\cs-CZ
2016-12-14 23:30:40 ----D---- C:\Program Files\Internet Explorer
2016-12-14 23:30:40 ----D---- C:\Program Files (x86)\Internet Explorer
2016-12-14 23:30:39 ----D---- C:\Windows\system32\Boot
2016-12-14 23:12:53 ----D---- C:\Windows\system32\MRT
2016-12-14 23:12:00 ----AC---- C:\Windows\system32\MRT.exe
2016-12-14 23:11:08 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-12-14 22:13:53 ----D---- C:\Windows\system32\catroot2
2016-12-13 21:32:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-12-13 21:32:34 ----D---- C:\Windows\system32\Macromed
2016-12-13 21:32:33 ----D---- C:\Windows\SYSWOW64\Macromed
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2016-08-31 31648]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2016-08-31 830624]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2016-08-31 56976]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2016-08-31 116248]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [2016-12-31 176064]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys [2013-02-27 496400]
R3 MBAMFarflt;MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [2017-01-08 102856]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-01-08 250816]
R3 MBAMWebProtection;MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [2017-01-08 81696]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-01-11 64624]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2016-10-02 149968]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 28216]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-10-02 56384]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2015-12-16 117768]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [2017-01-08 43968]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-11-22 3294912]
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2016-09-30 5817256]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2016-12-22 42096]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-09-17 1165368]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2013-01-03 183200]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2016-12-31 4317648]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-09-17 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-09-17 2522680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-10-02 1364024]
R2 Origin Web Helper Service;Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2016-12-06 2180624]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-08-24 76152]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-09-17 3634232]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-12-20 1467168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-12-14 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-12-14 125112]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-20 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-28 154440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13 270936]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2016-09-30 2271928]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-20 143144]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-28 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-12-14 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-14 172488]
S3 Origin Client Service;Origin Client Service; D:\Origin\OriginClientService.exe [2016-12-06 2119688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-11-22 209104]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2016-03-28 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-21 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-12-14 51384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-14 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-14 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-14 135848]
-----------------EOF-----------------
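The driver and service lists above follow a fixed shape, `R3 name;display name; image path [file date size]`, where the leading letter is running/stopped, the digit is the start type from the list header, and an empty `[]` means RSIT found no such file on disk. The helper below is an added example for triaging such a log offline; it is not part of the original post and not an RSIT feature. It parses those lines and flags entries whose image file is missing (here the `dbx` entry) or whose binary lives outside the usual Windows roots. The root whitelist is this example's own assumption, so a product installed on another volume (Origin on D:\ in this log) shows up as a benign hit for a human to dismiss; a flag is a prompt to check the file, not proof of a keylogger. The sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One RSIT driver/service line:
#   <R|S><0-4> <name>;<display name>; <image path> [<yyyy-mm-dd> <size>]
# R/S = running/stopped, the digit is the start type, and the brackets
# are empty when RSIT could not stat the image file on disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Roots where a Windows 7 driver or service binary is normally expected.
# Assumption of this example: anything elsewhere is listed for review.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    running: bool
    start: str
    name: str
    display: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; headers and other text give None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    file_date = file_size = None
    meta = m.group("meta").split()
    if len(meta) == 2 and meta[1].isdigit():
        file_date, file_size = meta[0], int(meta[1])
    path = m.group("path").strip()
    # Some third-party drivers register the NT-native form \??\C:\...;
    # strip the prefix so the path compares like the others.
    if path.startswith("\\??\\"):
        path = path[4:]
    return Entry(
        running=m.group("state") == "R",
        start=START_TYPES[m.group("start")],
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=path,
        file_date=file_date,
        file_size=file_size,
    )


def parse_log(text: str) -> List[Entry]:
    """Collect every parseable driver/service entry from RSIT log text."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs that deserve a manual look."""
    findings = []
    for e in entries:
        if e.file_size is None:
            findings.append((e.name, "image file not found on disk (empty [] in the log)"))
        elif not e.path.lower().startswith(TRUSTED_ROOTS):
            findings.append((e.name, "image outside the usual roots: " + e.path))
    return findings


# Lines copied verbatim from the RSIT log above (raw string, so the
# backslashes are literal).
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R3 MBAMFarflt;MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [2017-01-08 102856]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Origin Web Helper Service;Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2016-12-06 2180624]
"""

if __name__ == "__main__":
    for name, reason in triage(parse_log(SAMPLE)):
        print(f"{name}: {reason}")
```

Run it against a whole saved log by reading the file into `parse_log`; the two list headers and the file listings are ignored because they do not match the line pattern. A missing-file hit on a stopped demand-start entry like `dbx` is usually a stale registration left by an installer, while a missing or oddly placed image on a running boot- or system-start driver is what you would follow up first.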
2017-01-04 20:25:06 ----D---- C:\Windows\system32\drivers
2017-01-04 20:24:26 ----A---- C:\Windows\SWXCACLS.exe
2017-01-04 20:02:10 ----RD---- C:\Program Files (x86)
2017-01-03 13:49:27 ----D---- C:\ProgramData\NVIDIA Corporation
2016-12-31 10:52:25 ----D---- C:\ProgramData\Malwarebytes
2016-12-22 07:04:17 ----D---- C:\Program Files (x86)\Dropbox
2016-12-21 20:25:29 ----D---- C:\Windows\system32\NDF
2016-12-16 23:09:19 ----SHD---- C:\Windows\Installer
2016-12-16 23:04:01 ----D---- C:\Windows\Tasks
2016-12-15 16:28:34 ----D---- C:\Windows\rescache
2016-12-15 15:58:56 ----D---- C:\Windows\Microsoft.NET
2016-12-15 15:58:06 ----RSD---- C:\Windows\assembly
2016-12-15 07:40:59 ----D---- C:\Windows\winsxs
2016-12-15 07:40:12 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 07:40:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-12-14 23:30:40 ----D---- C:\Windows\SYSWOW64\en-US
2016-12-14 23:30:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-12-14 23:30:40 ----D---- C:\Windows\system32\en-US
2016-12-14 23:30:40 ----D---- C:\Windows\system32\cs-CZ
2016-12-14 23:30:40 ----D---- C:\Program Files\Internet Explorer
2016-12-14 23:30:40 ----D---- C:\Program Files (x86)\Internet Explorer
2016-12-14 23:30:39 ----D---- C:\Windows\system32\Boot
2016-12-14 23:12:53 ----D---- C:\Windows\system32\MRT
2016-12-14 23:12:00 ----AC---- C:\Windows\system32\MRT.exe
2016-12-14 23:11:08 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-12-14 22:13:53 ----D---- C:\Windows\system32\catroot2
2016-12-13 21:32:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-12-13 21:32:34 ----D---- C:\Windows\system32\Macromed
2016-12-13 21:32:33 ----D---- C:\Windows\SYSWOW64\Macromed
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2016-08-31 31648]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2016-08-31 830624]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2016-08-31 56976]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2016-08-31 116248]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [2016-12-31 176064]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys [2013-02-27 496400]
R3 MBAMFarflt;MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [2017-01-08 102856]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-01-08 250816]
R3 MBAMWebProtection;MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [2017-01-08 81696]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-01-11 64624]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2016-10-02 149968]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 28216]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-10-02 56384]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2015-12-16 117768]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [2017-01-08 43968]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-11-22 3294912]
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2016-09-30 5817256]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2016-12-22 42096]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-09-17 1165368]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2013-01-03 183200]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2016-12-31 4317648]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-09-17 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-09-17 2522680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-10-02 1364024]
R2 Origin Web Helper Service;Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2016-12-06 2180624]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-08-24 76152]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-09-17 3634232]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-12-20 1467168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-12-14 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-12-14 125112]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-20 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-28 154440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13 270936]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2016-09-30 2271928]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-20 143144]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-28 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-12-14 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-14 172488]
S3 Origin Client Service;Origin Client Service; D:\Origin\OriginClientService.exe [2016-12-06 2119688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-11-22 209104]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2016-03-28 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-21 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-12-14 51384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-14 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-14 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-14 135848]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119490
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: check - keylogger/hw
Deleted. Now also run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
Re: check - keylogger/hw
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 08.01.17
Čas skenování: 20:46
Logovací soubor: log.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.952
Licence: Zkušební
-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Haswell-PC\Haswell
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 344052
Uplynulý čas: 0 min, 59 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 3
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\logs\Haswell, Žádná uživatelská akce, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\logs, Žádná uživatelská akce, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\PROGRAM FILES\COMODO\GeekBuddy, Žádná uživatelská akce, [2243], [342281],1.0.952
Soubor: 4
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\logs\Haswell\CDC.log, Žádná uživatelská akce, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\logs\Haswell\CPC.log, Žádná uživatelská akce, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\logs\Haswell\CRC.log, Žádná uživatelská akce, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\logs\Haswell\CSU.log, Žádná uživatelská akce, [2243], [342281],1.0.952
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
- Rudy
- Site Admin
- Posts: 119490
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: check - keylogger/hw
Delete everything MBAM found.
Re: check - keylogger/hw
Deleted, but GeekBuddy probably wasn't the problem. I notice (there is one case on the forum right now too) that I'm not the only one who has this problem with " happening. I even replaced the keyboard with a new one to rule out hw. It now happens a lot less often, but still occasionally does.
- Rudy
- Site Admin
- Posts: 119490
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: check - keylogger/hw
You can also run a scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Run it, let it work, and at the end delete everything it finds.