Antimalwarebytes našel keylogger
Napsal: 26 črc 2015 19:55
Dovrý večer, animalwarebytes našel keyllogery, vymazal, ale stále se mi to nelíbí. Poradí někdo?
Díky.
Díky.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Lhotecky at 2015-07-26 20:58:43
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 168 GB (36%) free of 464 GB
Total RAM: 8120 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:58:45, on 26.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files\trend micro\Lhotecky.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Služba Kaspersky Security Scan (kss) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11478 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe"
"c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe"
C:\windows\System32\svchost.exe -k utcsvc
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\windows\system32\Dwm.exe"
"taskhost.exe"
C:\windows\Explorer.EXE
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fb8bfc49-1901-4d6c-a2da-fa28790aa0e3 -SystemEventPortName:HostProcess-37686d55-5685-413f-826a-b5c6c66dd3ec -IoCancelEventPortName:HostProcess-3c26bdb7-c842-4fbb-8e5f-db79544b9867 -NonStateChangingEventPortName:HostProcess-57470e0e-b477-4ec8-9b4a-adb2bc0f7faa -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:1bf6ec31-a7cb-4a76-b5ac-f660e594aee9 -DeviceGroupId:WpdFsGroup
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\windows\system32\GWX\GWX.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\windows\system32\igfxsrvc.exe" -Embedding
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="1968.0.1908310550\113293940" "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1968 "\\.\pipe\gecko-crash-server-pipe.1968" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe" --proxy-stub-channel=Flash1296.6D18D9E8.14143 --host-broker-channel=Flash1296.6D18D9E8.22425 --host-pid=1296 --host-npapi-version=28 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe" --channel=4084.0041F4C0.1363011974 --proxy-stub-channel=Flash1296.6D18D9E8.14143 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll" --host-npapi-version=28 --type=renderer
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" -r
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" --type=gpu-process --channel="5564.0.822040157\30647707" --no-sandbox --lang=en-US --log-severity=disable --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17,37 --gpu-vendor-id=0x8086 --gpu-device-id=0x041e --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.18.10.3204 --lang=en-US --log-severity=disable /prefetch:822062411
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" --type=renderer --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --log-severity=disable --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5564.2.1906762807\1076980303" /prefetch:673131151
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Lhotecky\Downloads\RSITx64(1).exe"
C:\windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\HPCeeScheduleForLhotecky.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForLhotecky (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Lhotecky\AppData\Roaming\Mozilla\Firefox\Profiles\wx1mk4u0.default-1417106418040
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-22 218784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01 2133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-22 881880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2014-01-22 2333400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23 153248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01 1724032]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-23 707800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2013-06-11 165872]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2013-06-11 407536]
"Persistence"=C:\windows\system32\igfxpers.exe [2013-06-11 444400]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-07-27 7194840]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-11-22 2919168]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"AdobeBridge"= []
"KSS"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-06-03 919296]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-04-26 292848]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05 111576]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2013-08-07 490760]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2013-07-18 683656]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2013-06-03 441344]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2015-07-26 20:58:43 ----D---- C:\rsit
2015-07-26 20:39:34 ----D---- C:\ProgramData\Kaspersky Lab
2015-07-26 20:39:34 ----D---- C:\Program Files (x86)\Kaspersky Lab
2015-07-21 15:50:38 ----A---- C:\windows\SYSWOW64\atmfd.dll
2015-07-21 15:50:38 ----A---- C:\windows\system32\lpk.dll
2015-07-21 15:50:38 ----A---- C:\windows\system32\atmlib.dll
2015-07-21 15:50:38 ----A---- C:\windows\system32\atmfd.dll
2015-07-21 15:50:37 ----A---- C:\windows\SYSWOW64\lpk.dll
2015-07-21 15:50:37 ----A---- C:\windows\SYSWOW64\fontsub.dll
2015-07-21 15:50:37 ----A---- C:\windows\SYSWOW64\dciman32.dll
2015-07-21 15:50:37 ----A---- C:\windows\SYSWOW64\atmlib.dll
2015-07-21 15:50:37 ----A---- C:\windows\system32\fontsub.dll
2015-07-21 15:50:37 ----A---- C:\windows\system32\dciman32.dll
2015-07-14 21:06:22 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2015-07-14 21:06:22 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2015-07-14 21:06:22 ----A---- C:\windows\SYSWOW64\iernonce.dll
2015-07-14 21:06:22 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2015-07-14 21:06:22 ----A---- C:\windows\system32\ieetwproxystub.dll
2015-07-14 21:06:22 ----A---- C:\windows\system32\ieetwcollector.exe
2015-07-14 21:06:21 ----A---- C:\windows\SYSWOW64\vbscript.dll
2015-07-14 21:06:21 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2015-07-14 21:06:21 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-14 21:06:21 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2015-07-14 21:06:21 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2015-07-14 21:06:21 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 21:06:21 ----A---- C:\windows\system32\iernonce.dll
2015-07-14 21:06:21 ----A---- C:\windows\system32\ie4uinit.exe
2015-07-14 21:06:20 ----A---- C:\windows\SYSWOW64\iesetup.dll
2015-07-14 21:06:20 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2015-07-14 21:06:19 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2015-07-14 21:06:19 ----A---- C:\windows\SYSWOW64\jscript.dll
2015-07-14 21:06:19 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2015-07-14 21:06:19 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2015-07-14 21:06:19 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2015-07-14 21:06:19 ----A---- C:\windows\system32\msfeeds.dll
2015-07-14 21:06:19 ----A---- C:\windows\system32\ieetwcollectorres.dll
2015-07-14 21:06:19 ----A---- C:\windows\system32\iedkcs32.dll
2015-07-14 21:06:19 ----A---- C:\windows\system32\dxtrans.dll
2015-07-14 21:06:18 ----A---- C:\windows\system32\iesetup.dll
2015-07-14 21:06:18 ----A---- C:\windows\system32\ieapfltr.dll
2015-07-14 21:06:17 ----A---- C:\windows\SYSWOW64\wininet.dll
2015-07-14 21:06:17 ----A---- C:\windows\SYSWOW64\msrating.dll
2015-07-14 21:06:17 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2015-07-14 21:06:17 ----A---- C:\windows\system32\vbscript.dll
2015-07-14 21:06:17 ----A---- C:\windows\system32\jsproxy.dll
2015-07-14 21:06:17 ----A---- C:\windows\system32\ieUnatt.exe
2015-07-14 21:06:16 ----A---- C:\windows\system32\mshtmled.dll
2015-07-14 21:06:16 ----A---- C:\windows\system32\dxtmsft.dll
2015-07-14 21:06:15 ----A---- C:\windows\system32\wininet.dll
2015-07-14 21:06:15 ----A---- C:\windows\system32\mshtmlmedia.dll
2015-07-14 21:06:15 ----A---- C:\windows\system32\jscript.dll
2015-07-14 21:06:14 ----A---- C:\windows\system32\msrating.dll
2015-07-14 21:06:14 ----A---- C:\windows\system32\MshtmlDac.dll
2015-07-14 21:05:23 ----A---- C:\windows\SYSWOW64\cewmdm.dll
2015-07-14 21:05:23 ----A---- C:\windows\system32\cewmdm.dll
2015-07-14 21:05:22 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2015-07-14 21:05:22 ----A---- C:\windows\SYSWOW64\wups.dll
2015-07-14 21:05:22 ----A---- C:\windows\SYSWOW64\wudriver.dll
2015-07-14 21:05:22 ----A---- C:\windows\SYSWOW64\wuapp.exe
2015-07-14 21:05:22 ----A---- C:\windows\SYSWOW64\wuapi.dll
2015-07-14 21:05:22 ----A---- C:\windows\system32\wuauclt.exe
2015-07-14 21:05:22 ----A---- C:\windows\system32\wuapp.exe
2015-07-14 21:05:22 ----A---- C:\windows\system32\wuapi.dll
2015-07-14 21:05:22 ----A---- C:\windows\system32\WinSetupUI.dll
2015-07-14 21:05:21 ----A---- C:\windows\system32\wuwebv.dll
2015-07-14 21:05:21 ----A---- C:\windows\system32\wups2.dll
2015-07-14 21:05:21 ----A---- C:\windows\system32\wups.dll
2015-07-14 21:05:21 ----A---- C:\windows\system32\wudriver.dll
2015-07-14 21:05:21 ----A---- C:\windows\system32\wucltux.dll
2015-07-14 21:05:21 ----A---- C:\windows\system32\wuaueng.dll
2015-07-14 21:05:21 ----A---- C:\windows\system32\wu.upgrade.ps.dll
2015-07-14 21:04:47 ----A---- C:\windows\system32\rdpcorets.dll
2015-07-14 21:04:46 ----A---- C:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 21:04:45 ----A---- C:\windows\system32\win32k.sys
2015-07-14 21:04:44 ----A---- C:\windows\SYSWOW64\gdi32.dll
2015-07-14 21:04:44 ----A---- C:\windows\system32\gdi32.dll
2015-07-14 21:04:43 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2015-07-14 21:04:43 ----A---- C:\windows\SYSWOW64\jscript9.dll
2015-07-14 21:04:43 ----A---- C:\windows\system32\jscript9diag.dll
2015-07-14 21:04:43 ----A---- C:\windows\system32\jscript9.dll
2015-07-14 21:04:35 ----A---- C:\windows\SYSWOW64\mshtml.dll
2015-07-14 21:04:34 ----A---- C:\windows\SYSWOW64\urlmon.dll
2015-07-14 21:04:34 ----A---- C:\windows\SYSWOW64\ieui.dll
2015-07-14 21:04:34 ----A---- C:\windows\SYSWOW64\ieframe.dll
2015-07-14 21:04:33 ----A---- C:\windows\system32\urlmon.dll
2015-07-14 21:04:33 ----A---- C:\windows\system32\ieui.dll
2015-07-14 21:04:33 ----A---- C:\windows\system32\ieframe.dll
2015-07-14 21:04:32 ----A---- C:\windows\system32\mshtml.dll
2015-07-14 21:04:31 ----A---- C:\windows\SYSWOW64\iertutil.dll
2015-07-14 21:04:31 ----A---- C:\windows\system32\iertutil.dll
2015-07-14 20:56:31 ----A---- C:\windows\system32\wksprt.exe
2015-07-14 20:56:31 ----A---- C:\windows\system32\mstscax.dll
2015-07-14 20:56:30 ----A---- C:\windows\SYSWOW64\mstscax.dll
2015-07-14 20:56:29 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2015-07-14 20:56:29 ----A---- C:\windows\SYSWOW64\rdvidcrl.dll
2015-07-14 20:56:29 ----A---- C:\windows\system32\tsgqec.dll
2015-07-14 20:56:29 ----A---- C:\windows\system32\rdvidcrl.dll
2015-07-14 20:56:09 ----A---- C:\windows\SYSWOW64\ole32.dll
2015-07-14 20:56:09 ----A---- C:\windows\system32\ole32.dll
2015-07-14 20:56:07 ----A---- C:\windows\system32\cryptsvc.dll
2015-07-14 20:56:06 ----A---- C:\windows\SYSWOW64\wintrust.dll
2015-07-14 20:56:06 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2015-07-14 20:56:06 ----A---- C:\windows\SYSWOW64\cryptnet.dll
2015-07-14 20:56:06 ----A---- C:\windows\SYSWOW64\crypt32.dll
2015-07-14 20:56:06 ----A---- C:\windows\system32\wintrust.dll
2015-07-14 20:56:06 ----A---- C:\windows\system32\cryptnet.dll
2015-07-14 20:56:06 ----A---- C:\windows\system32\crypt32.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\wdigest.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\schannel.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\rpcrt4.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\msv1_0.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\kerberos.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\cryptbase.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\credssp.dll
2015-07-14 20:55:59 ----A---- C:\windows\SYSWOW64\auditpol.exe
2015-07-14 20:55:59 ----A---- C:\windows\system32\wdigest.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\TSpkg.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\sspisrv.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\sspicli.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\schannel.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\secur32.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\rpcrt4.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\ncrypt.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\msv1_0.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\lsass.exe
2015-07-14 20:55:59 ----A---- C:\windows\system32\lsasrv.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\kerberos.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2015-07-14 20:55:59 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2015-07-14 20:55:59 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2015-07-14 20:55:59 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2015-07-14 20:55:59 ----A---- C:\windows\system32\drivers\ksecdd.sys
2015-07-14 20:55:59 ----A---- C:\windows\system32\cryptbase.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\credssp.dll
2015-07-14 20:55:59 ----A---- C:\windows\system32\auditpol.exe
2015-07-14 20:55:58 ----A---- C:\windows\SYSWOW64\sspicli.dll
2015-07-14 20:55:58 ----A---- C:\windows\SYSWOW64\secur32.dll
2015-07-14 20:55:58 ----A---- C:\windows\SYSWOW64\msobjs.dll
2015-07-14 20:55:58 ----A---- C:\windows\SYSWOW64\msaudite.dll
2015-07-14 20:55:58 ----A---- C:\windows\SYSWOW64\adtschema.dll
2015-07-14 20:55:58 ----A---- C:\windows\system32\msobjs.dll
2015-07-14 20:55:58 ----A---- C:\windows\system32\msaudite.dll
2015-07-14 20:55:58 ----A---- C:\windows\system32\adtschema.dll
2015-07-14 20:55:50 ----A---- C:\windows\SYSWOW64\msi.dll
2015-07-14 20:55:50 ----A---- C:\windows\SYSWOW64\authui.dll
2015-07-14 20:55:50 ----A---- C:\windows\system32\msiexec.exe
2015-07-14 20:55:50 ----A---- C:\windows\system32\msi.dll
2015-07-14 20:55:50 ----A---- C:\windows\system32\consent.exe
2015-07-14 20:55:50 ----A---- C:\windows\system32\authui.dll
2015-07-14 20:55:49 ----A---- C:\windows\SYSWOW64\msimsg.dll
2015-07-14 20:55:49 ----A---- C:\windows\SYSWOW64\msihnd.dll
2015-07-14 20:55:49 ----A---- C:\windows\SYSWOW64\msiexec.exe
2015-07-14 20:55:49 ----A---- C:\windows\system32\msimsg.dll
2015-07-14 20:55:49 ----A---- C:\windows\system32\msihnd.dll
2015-07-14 20:55:49 ----A---- C:\windows\system32\appinfo.dll
2015-07-14 20:55:43 ----A---- C:\windows\system32\generaltel.dll
2015-07-14 20:55:43 ----A---- C:\windows\system32\appraiser.dll
2015-07-14 20:55:43 ----A---- C:\windows\system32\aeinv.dll
2015-07-14 20:55:42 ----A---- C:\windows\system32\invagent.dll
2015-07-14 20:55:42 ----A---- C:\windows\system32\devinv.dll
2015-07-14 20:55:42 ----A---- C:\windows\system32\CompatTelRunner.exe
2015-07-14 20:55:42 ----A---- C:\windows\system32\acmigration.dll
2015-07-14 20:55:41 ----A---- C:\windows\system32\aepdu.dll
2015-07-04 15:18:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2015-07-26 20:58:45 ----D---- C:\windows\Prefetch
2015-07-26 20:58:44 ----D---- C:\windows\Temp
2015-07-26 20:58:44 ----D---- C:\Program Files\trend micro
2015-07-26 20:44:11 ----D---- C:\windows\system32\config
2015-07-26 20:40:01 ----D---- C:\ProgramData
2015-07-26 20:39:59 ----SHD---- C:\windows\Installer
2015-07-26 20:39:34 ----RD---- C:\Program Files (x86)
2015-07-26 20:39:24 ----D---- C:\windows\System32
2015-07-26 20:39:24 ----D---- C:\windows\inf
2015-07-26 20:39:24 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-07-26 20:33:49 ----D---- C:\ProgramData\PDFC
2015-07-26 20:33:17 ----D---- C:\windows\system32\drivers
2015-07-26 20:32:44 ----D---- C:\windows\Registration
2015-07-26 20:20:04 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-26 14:29:46 ----SD---- C:\windows\system32\GWX
2015-07-24 20:12:34 ----SHD---- C:\System Volume Information
2015-07-22 15:42:48 ----D---- C:\windows\Tasks
2015-07-22 15:42:48 ----D---- C:\windows\system32\Tasks
2015-07-22 08:18:54 ----D---- C:\windows\winsxs
2015-07-22 08:17:27 ----D---- C:\windows\SysWOW64
2015-07-21 15:47:16 ----D---- C:\windows\system32\catroot2
2015-07-18 14:43:19 ----SD---- C:\Users\Lhotecky\AppData\Roaming\Microsoft
2015-07-16 10:12:44 ----SD---- C:\windows\SYSWOW64\GWX
2015-07-15 22:14:24 ----D---- C:\windows\rescache
2015-07-15 17:00:37 ----D---- C:\windows\SYSWOW64\cs-CZ
2015-07-15 17:00:37 ----D---- C:\windows\PolicyDefinitions
2015-07-15 17:00:36 ----D---- C:\windows\system32\cs-CZ
2015-07-15 17:00:35 ----D---- C:\windows\SYSWOW64\en-US
2015-07-15 17:00:35 ----D---- C:\windows\system32\en-US
2015-07-15 17:00:35 ----D---- C:\Program Files\Internet Explorer
2015-07-15 17:00:35 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-15 17:00:29 ----SD---- C:\windows\system32\CompatTel
2015-07-15 17:00:28 ----D---- C:\windows\system32\wbem
2015-07-15 17:00:28 ----D---- C:\windows\system32\appraiser
2015-07-15 17:00:28 ----D---- C:\windows\AppPatch
2015-07-14 23:26:25 ----D---- C:\windows\system32\MRT
2015-07-14 23:24:31 ----D---- C:\windows\debug
2015-07-14 19:30:51 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-07-10 23:22:49 ----D---- C:\Users\Lhotecky\AppData\Roaming\vlc
2015-07-09 18:35:02 ----D---- C:\Users\Lhotecky\AppData\Roaming\Skype
2015-07-06 12:14:43 ----D---- C:\Windows
2015-07-05 12:18:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 08:43:04 ----A---- C:\windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStorA;iaStorA; C:\windows\system32\drivers\iaStorA.sys [2013-09-21 630632]
R0 iaStorF;iaStorF; C:\windows\system32\drivers\iaStorF.sys [2013-09-21 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\drivers\iusb3hcs.sys [2013-04-26 20464]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
R1 CLVirtualDrive;CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [2011-12-27 90608]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2011-11-21 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2011-11-21 171152]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2011-11-21 125296]
R3 athur;Wireless Network Adapter Service; C:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2013-06-03 4438208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2013-07-31 3564376]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3hub.sys [2013-04-26 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\drivers\iusb3xhc.sys [2013-04-26 786416]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2015-06-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [2015-07-26 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2015-06-18 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\drivers\TeeDriverx64.sys [2013-08-08 99288]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2013-08-15 881880]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S3 WinUsb;WinUsb; C:\windows\system32\drivers\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-18 98208]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-08-12 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-08-12 298760]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-11-22 814264]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2015-05-19 99128]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-05-12 733696]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-08-08 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-08-08 169432]
R2 kss;Služba Kaspersky Security Scan; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-06-03 919296]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-08-08 390616]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-07-18 1143432]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-06-19 246488]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2014-02-06 1069248]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14 268976]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2013-06-11 279024]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-11-22 42360]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-05-13 1129760]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2015-06-20 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-05-12 822232]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-07-04 148136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2014-07-29 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
.