VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

podezreneni na Trojan-Downloader.MSWord.Agent.qd

https://forum.viry.cz:443/viewtopic.php?t=145534

Stránka 1 z 1

podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 05 srp 2015 15:22
od bub60
Ahoj,

potřeboval bych pomoci po včerejším stažení pošty a otevření přílohy MS Word souboru 048939_86700784.doc si nejsem jistý, jestli je již PC bez viru, Avast nic nenašel, nainstaloval jsem Kaspersky, něco našel, ale nejsem si jistý.

Děkuji za rady Pavel

Log Kaspersky
05.08.2015 13.12.34 Úplná kontrola Úloha byla dokončena Čas dokončení: Dnes, 5.8.2015, 13:12
05.08.2015 13.12.33 Zjištěný objekt (soubor) byl odstraněn M:\záloha disku pro evu\Notebook\Různé\Z Programy\Codeky\DivXPro502GAINBundle.exe//Gain_Trickler.exe Soubor: M:\záloha disku pro evu\Notebook\Různé\Z Programy\Codeky\DivXPro502GAINBundle.exe//Gain_Trickler.exe Název objektu: not-a-virus:AdWare.Win32.Gator.3202
05.08.2015 12.28.24 Zjištěný objekt (soubor) byl odstraněn D:\048939_86700784.doc//x-mso//macros//nxc Soubor: D:\048939_86700784.doc//x-mso//macros//nxc Název objektu: Trojan-Downloader.MSWord.Agent.qd
05.08.2015 12.28.17 Byl zjištěn objekt (soubor) D:\048939_86700784.doc//x-mso//macros//nxc Soubor: D:\048939_86700784.doc//x-mso//macros//nxc Název objektu: Trojan-Downloader.MSWord.Agent.qd
05.08.2015 12.23.56 Objekt (soubor) nebyl zpracován M:\záloha disku pro evu\Notebook\Různé\Z Programy\Codeky\DivXPro502GAINBundle.exe//Gain_Trickler.exe Soubor: M:\záloha disku pro evu\Notebook\Různé\Z Programy\Codeky\DivXPro502GAINBundle.exe//Gain_Trickler.exe Název objektu: not-a-virus:AdWare.Win32.Gator.3202 Důvod: Odloženo
05.08.2015 12.23.56 Byl zjištěn objekt (soubor) M:\záloha disku pro evu\Notebook\Různé\Z Programy\Codeky\DivXPro502GAINBundle.exe//Gain_Trickler.exe Soubor: M:\záloha disku pro evu\Notebook\Různé\Z Programy\Codeky\DivXPro502GAINBundle.exe//Gain_Trickler.exe Název objektu: not-a-virus:AdWare.Win32.Gator.3202
05.08.2015 11.33.13 Objekt (soubor) nebyl zpracován D:\048939_86700784.doc//x-mso//macros//nxc Soubor: D:\048939_86700784.doc//x-mso//macros//nxc Název objektu: Trojan-Downloader.MSWord.Agent.qd Důvod: Odloženo
05.08.2015 11.33.13 Byl zjištěn objekt (soubor) D:\048939_86700784.doc//x-mso//macros//nxc Soubor: D:\048939_86700784.doc//x-mso//macros//nxc Název objektu: Trojan-Downloader.MSWord.Agent.qd
05.08.2015 11.17.20 Úplná kontrola Úloha byla spuštěna Čas:: Dnes, 5.8.2015, 11:17


Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2015-08-05 16:18:42
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 29 GB (25%) free of 114 GB
Total RAM: 8159 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:18:43, on 5.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\PC\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\PC\AppData\Local\Temp\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\trend micro\PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Safe Money Plugin - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Viber] "C:\Users\PC\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [SafeInCloud] "C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O4 - Global Startup: Canon LBP5100 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE
O4 - Global Startup: Dell Display Manager.lnk = C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
O4 - Global Startup: Philips SA4VBE Device Manager.lnk = C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Vystřihnout obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Vystřihnout URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Vystřihnout záložku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Virtuální klávesnice - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Služba Kaspersky Anti-Virus 15.0.2 (AVP15.0.2) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 16644 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe" -r
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe"
taskeng.exe {3B3BAD05-20F5-47C2-B78C-6C0CA8EBDB04}
taskeng.exe {7BDBB1C0-D3BF-4158-A518-88F4E8668927}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
C:\Windows\system32\CNAC6RPD.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE"
KHALMNPR.EXE /API
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe" -hidden
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\PC\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe"
"C:\Program Files\Tablet\Wacom\WacomHost.exe" "C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe"
"C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"
"C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\splwow64.exe 8192
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4455a25c-d320-4f39-9abb-e9cc5623bc01 -SystemEventPortName:HostProcess-e0e70d0a-67ae-475f-8944-86f388a0499a -IoCancelEventPortName:HostProcess-592f1250-43fa-4d3e-9064-063e1ebe7a18 -NonStateChangingEventPortName:HostProcess-ae02bd50-d8b6-4d76-b68c-672f4710892a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:74591f1b-16e6-40eb-98b6-5f0aea372ba1 -DeviceGroupId:WpdFsGroup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe -Embedding
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files (x86)\Evernote\Evernote\Evernote.exe"
"C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe"
"C:\Program Files\Internet Explorer\iexplore.exe" http://redirect.kaspersky.com/?hl=cs-CZ ... =Microsoft Windows 7 6.1.7601 Service Pack 1 Build 7601&pid=pure&version=15.0.2.361&hotfix=a.b.c&serial=&lic-id=C99388A1-39E2-4356-B2D7-6A7A5716002E&ktype=2&kcount=1&kcreat=20150805T000000&kexp=20150904T235959&kinst=20150805T000000&installid={91F0CD42-A9D0-4869-B592-9C3476D6BA5C}&installdate=1438764642&login=
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6460 CREDAT:267521 /prefetch:2
"C:\Users\PC\AppData\Local\Temp\TeamViewer\TeamViewer.exe" --noInstallation --dre
"C:\Users\PC\AppData\Local\Temp\TeamViewer\tv_w32.exe" --action hooks --log C:\Users\PC\AppData\Roaming\TeamViewer\TeamViewer10_Logfile.log
"C:\Users\PC\AppData\Local\Temp\TeamViewer\tv_x64.exe" --action hooks --log C:\Users\PC\AppData\Roaming\TeamViewer\TeamViewer10_Logfile.log

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6460 CREDAT:988451 /prefetch:2
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6460 CREDAT:1774877 /prefetch:2
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6460 CREDAT:3806655 /prefetch:2
C:\Windows\system32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe -Embedding
"taskhost.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6460 CREDAT:4724074 /prefetch:2
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"
"c:\users\pc\appdata\local\temp\teamviewer\TeamViewer_Desktop.exe" --IPCport 6039
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6460 CREDAT:4593124 /prefetch:2
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
C:\Windows\SysWOW64\DllHost.exe /Processid:{1EF75F33-893B-4E8F-9655-C3D602BA4897}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\PC\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2651325880-1400402914-218468842-1000Core.job - C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2651325880-1400402914-218468842-1000UA.job - C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\hh53w9lz.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "keyword.URL" - "http://www.default-search.net/search?si ... &src=ds&p="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll


C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\hh53w9lz.default\searchplugins\
default-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15 172640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-19 11613288]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1744152]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 2345848]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 2320752]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2013-08-21 519504]
"MFNetworkScanUtility"=C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [2012-09-27 486552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-06-02 28785792]
"Viber"=C:\Users\PC\AppData\Local\Viber\Viber.exe [2015-06-10 80035536]
"Dropbox Update"=C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 134512]
"SafeInCloud"=C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2015-06-30 2664960]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-07-17 8418584]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [2015-07-12 563416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1637496]
"PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2013-04-24 740888]
"Philips Device Listener"=C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [2012-03-19 380416]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2014-03-05 7830704]
"AcronisTibMounterMonitor"=C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2013-10-10 1104104]
""= []
"Display"=C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30 334896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
Canon LBP5100 Status Window.lnk - C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE
Dell Display Manager.lnk - C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
Philips SA4VBE Device Manager.lnk - C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe

C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 68376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-05 16:12:36 ----D---- C:\rsit
2015-08-05 16:12:36 ----D---- C:\Program Files\trend micro
2015-08-05 10:50:50 ----A---- C:\Windows\system32\klfphc.dll
2015-08-05 10:50:46 ----D---- C:\Windows\ELAMBKUP
2015-08-05 10:50:46 ----D---- C:\ProgramData\Kaspersky Lab
2015-08-05 10:50:46 ----D---- C:\Program Files (x86)\Kaspersky Lab
2015-08-05 10:50:45 ----A---- C:\ProgramData\ntuser.dat
2015-08-05 10:50:42 ----A---- C:\Windows\system32\drivers\klif.sys
2015-08-05 10:50:42 ----A---- C:\Windows\system32\drivers\klflt.sys
2015-08-05 08:32:15 ----D---- C:\Program Files\CCleaner
2015-07-29 08:23:59 ----A---- C:\Windows\system32\invagent.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\generaltel.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\devinv.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-07-29 08:23:59 ----A---- C:\Windows\system32\appraiser.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\aepdu.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\aeinv.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\acmigration.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\lpk.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\fontsub.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\dciman32.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\atmlib.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\atmfd.dll
2015-07-15 08:34:56 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\urlmon.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\mshtml.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\ieui.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\ieframe.dll
2015-07-15 08:34:53 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-07-15 08:34:53 ----A---- C:\Windows\system32\iertutil.dll
2015-07-15 08:32:23 ----A---- C:\Windows\SYSWOW64\cewmdm.dll
2015-07-15 08:32:23 ----A---- C:\Windows\system32\cewmdm.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuwebv.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wups2.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wups.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wudriver.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wucltux.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuaueng.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuauclt.exe
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuapp.exe
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuapi.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-07-15 08:32:05 ----A---- C:\Windows\system32\win32k.sys
2015-07-15 08:32:04 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-07-15 08:32:04 ----A---- C:\Windows\system32\gdi32.dll
2015-07-15 08:32:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-07-15 08:32:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-07-15 08:32:03 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-15 08:32:03 ----A---- C:\Windows\system32\jscript9.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\iernonce.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-07-15 08:31:44 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 08:31:44 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 08:31:44 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-15 08:31:43 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\iesetup.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\vbscript.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-15 08:31:42 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\wininet.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\jscript.dll
2015-07-15 08:31:40 ----A---- C:\Windows\system32\msrating.dll
2015-07-15 08:31:40 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-15 08:27:50 ----A---- C:\Windows\SYSWOW64\ole32.dll
2015-07-15 08:27:50 ----A---- C:\Windows\system32\ole32.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\wintrust.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\crypt32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\wdigest.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\sspicli.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\schannel.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\secur32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\rpcrt4.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msobjs.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msaudite.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\lsass.exe
2015-07-15 08:27:46 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\kerberos.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\cryptbase.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\credssp.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\auditpol.exe
2015-07-15 08:27:46 ----A---- C:\Windows\system32\adtschema.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msi.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msimsg.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msihnd.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msiexec.exe
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msi.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\consent.exe
2015-07-15 08:27:42 ----A---- C:\Windows\system32\authui.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\appinfo.dll
2015-07-13 11:45:47 ----D---- C:\Program Files (x86)\GO Contact Sync Mod
2015-07-10 09:00:38 ----D---- C:\Program Files (x86)\Safe In Cloud

======List of files/folders modified in the last 1 month======

2015-08-05 16:18:42 ----D---- C:\Windows\Temp
2015-08-05 16:12:36 ----D---- C:\Program Files
2015-08-05 15:57:44 ----D---- C:\Users\PC\AppData\Roaming\Skype
2015-08-05 14:56:03 ----D---- C:\Users\PC\AppData\Roaming\TeamViewer
2015-08-05 13:34:34 ----D---- C:\Windows\System32
2015-08-05 13:34:34 ----D---- C:\Windows\inf
2015-08-05 13:34:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-05 13:30:51 ----A---- C:\Windows\SYSWOW64\log.txt
2015-08-05 13:28:37 ----D---- C:\Users\PC\AppData\Roaming\Dropbox
2015-08-05 13:28:28 ----D---- C:\Users\PC\AppData\Roaming\ViberPC
2015-08-05 13:28:21 ----SHD---- C:\System Volume Information
2015-08-05 13:28:20 ----D---- C:\ProgramData\NVIDIA
2015-08-05 13:27:43 ----A---- C:\Windows\SYSWOW64\PCPELog.txt
2015-08-05 13:27:38 ----D---- C:\Windows\system32\catroot
2015-08-05 11:05:07 ----SHD---- C:\Windows\Installer
2015-08-05 11:05:06 ----D---- C:\Windows\system32\drivers
2015-08-05 11:05:02 ----D---- C:\Windows\system32\DriverStore
2015-08-05 10:52:30 ----HD---- C:\ProgramData
2015-08-05 10:52:06 ----D---- C:\Windows\system32\config
2015-08-05 10:50:46 ----RD---- C:\Program Files (x86)
2015-08-05 10:50:46 ----D---- C:\Windows
2015-08-05 10:48:33 ----D---- C:\ProgramData\AVAST Software
2015-08-05 08:34:18 ----D---- C:\Windows\Panther
2015-08-05 08:34:18 ----D---- C:\Windows\Minidump
2015-08-05 08:34:18 ----D---- C:\Windows\Logs
2015-08-05 08:34:18 ----D---- C:\Windows\debug
2015-08-05 08:32:17 ----D---- C:\Windows\system32\Tasks
2015-07-29 14:25:41 ----SD---- C:\Windows\system32\CompatTel
2015-07-29 08:23:42 ----D---- C:\Windows\winsxs
2015-07-29 08:23:22 ----D---- C:\Windows\SoftwareDistribution
2015-07-28 17:49:34 ----D---- C:\Windows\SysWOW64
2015-07-28 17:49:34 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-07-28 14:01:59 ----D---- C:\Users\PC\AppData\Roaming\GoContactSyncMOD
2015-07-27 08:18:09 ----SD---- C:\Windows\system32\GWX
2015-07-16 13:52:50 ----D---- C:\Windows\Tasks
2015-07-16 13:16:50 ----D---- C:\Windows\rescache
2015-07-16 07:58:57 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-16 07:58:57 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-07-16 07:58:57 ----D---- C:\Windows\system32\cs-CZ
2015-07-16 07:58:57 ----D---- C:\Windows\PolicyDefinitions
2015-07-16 07:58:56 ----D---- C:\Windows\SYSWOW64\en-US
2015-07-16 07:58:56 ----D---- C:\Windows\system32\wbem
2015-07-16 07:58:56 ----D---- C:\Windows\system32\en-US
2015-07-16 07:58:56 ----D---- C:\Windows\system32\appraiser
2015-07-16 07:58:56 ----D---- C:\Windows\AppPatch
2015-07-16 07:58:56 ----D---- C:\Program Files\Internet Explorer
2015-07-16 07:58:56 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-15 19:16:18 ----D---- C:\ProgramData\Microsoft Help
2015-07-15 19:14:02 ----D---- C:\Windows\system32\MRT
2015-07-15 11:14:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-15 08:27:25 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK); C:\Windows\system32\DRIVERS\cm_km_w.sys [2015-08-05 247016]
R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2013-11-25 116000]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-08-05 478392]
R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2010-10-06 179752]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2013-11-25 269600]
R0 tib;Acronis TIB Manager; C:\Windows\system32\DRIVERS\tib.sys [2013-11-25 1120032]
R0 tib_mounter;Acronis TIB Mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [2013-11-25 198432]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2013-11-25 161568]
R0 vidsflt;Acronis Disk Storage Filter; C:\Windows\system32\DRIVERS\vidsflt.sys [2013-11-25 117024]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2015-08-05 225976]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2015-08-05 850608]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2015-08-05 39280]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2015-08-05 24944]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-08-05 65208]
R1 Klwtp;Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [2015-08-05 85360]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-08-05 190648]
R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2015-08-05 64368]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2014-03-28 367200]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-05 27512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-08-05 159960]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-08-05 40304]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-08-05 39280]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys [2009-11-05 34160]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 74376]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
S3 hidkmdf;KMDF Driver; C:\Windows\system32\DRIVERS\hidkmdf.sys [2014-03-17 14136]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
S3 HtcVCom32;HTC Diagnostic Port; C:\Windows\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2014-03-28 1464096]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WacHidRouter;Wacom Hid Router; C:\Windows\system32\DRIVERS\wachidrouter.sys [2014-03-17 95032]
S3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2014-03-17 15160]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 klkbdflt2;Kaspersky Lab KlKbdFlt2; C:\Windows\system32\DRIVERS\klkbdflt2.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2013-08-21 1144688]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-04-30 81088]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-03-28 3869688]
R2 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 AVP15.0.2;Služba Kaspersky Anti-Virus 15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [2015-08-05 194000]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-04-24 483864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 syncagentsrv;Acronis Sync Agent Service; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-02-04 7149264]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RapiMgr;Připojení zařízení se systémem Windows Mobile; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 WcesComm;Připojení zařízení se systémem Windows Mobile 2003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-02-26 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-06-20 114688]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 359192]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-29 148080]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 05 srp 2015 16:11
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 05 srp 2015 16:29
od bub60
Děkuji za reakci, log zde:

# AdwCleaner v4.208 - Log vytvořen 05/08/2015 v 17:30:19
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-09.2 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : PC - GEPEX1
# Spuštěno z : C:\Users\PC\Downloads\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\Program Files (x86)\Easy Speed Check
Složka Smazáno : C:\Program Files (x86)\Linkey
Složka Smazáno : C:\Program Files (x86)\Probit Software
Složka Smazáno : C:\Program Files (x86)\DriverToolkit
Složka Smazáno : C:\Users\PC\AppData\Local\DriverToolkit
Složka Smazáno : C:\Users\PC\AppData\Roaming\Probit Software
Složka Smazáno : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Soubor Smazáno : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\hh53w9lz.default\searchplugins\default-search.xml
Soubor Smazáno : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Klíč Smazáno : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Klíč Smazáno : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-006A-76A7-7A786E7484D7}]
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Klíč Smazáno : HKCU\Software\Easy Speed Check
Klíč Smazáno : HKCU\Software\DriverToolkit
Klíč Smazáno : HKCU\Software\Linkey
Klíč Smazáno : HKCU\Software\Probit Software
Klíč Smazáno : HKLM\SOFTWARE\SystemK
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v38.0.1 (x86 cs)

[hh53w9lz.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.order.1", "default-search.net");
[hh53w9lz.default\prefs.js] - Řádek Smazáno : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=498&a ... &src=ds&p=");

-\\ Google Chrome v44.0.2403.125

[C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www.default-search.net/search?sid=498&a ... earchTerms}
[C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www.default-search.net/search?sid=498&a ... earchTerms}

*************************

AdwCleaner[R0].txt - [6938 bytů] - [05/08/2015 17:27:32]
AdwCleaner[S0].txt - [5763 bytů] - [05/08/2015 17:30:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5821 bytů] ##########

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 05 srp 2015 17:40
od Rudy
Dejte nový log RSIT.

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 05 srp 2015 18:20
od bub60
zasílám log

Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2015-08-05 19:25:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 28 GB (25%) free of 114 GB
Total RAM: 8159 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:25:30, on 5.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\PC\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files\trend micro\PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Safe Money Plugin - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Viber] "C:\Users\PC\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [SafeInCloud] "C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O4 - Global Startup: Canon LBP5100 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE
O4 - Global Startup: Dell Display Manager.lnk = C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
O4 - Global Startup: Philips SA4VBE Device Manager.lnk = C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Vystřihnout obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Vystřihnout URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Vystřihnout záložku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Virtuální klávesnice - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Služba Kaspersky Anti-Virus 15.0.2 (AVP15.0.2) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 16341 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
taskeng.exe {8E090D08-8D41-41C1-B28E-CB5F18FF2C4B}
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskeng.exe {EF7AB2EF-1A58-4D6B-BD73-3D9C963C3F5B}
"C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe" -r
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe"
C:\Windows\system32\CNAC6RPD.EXE
"C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe" -hidden
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\PC\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
KHALMNPR.EXE /API
"C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"
"C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5aa32fa0-433e-45a5-9eb2-db5e7deaa8db -SystemEventPortName:HostProcess-21fe93f0-4bfc-441b-a7ad-4c33a50cd468 -IoCancelEventPortName:HostProcess-8b257fe0-7b41-48bc-953f-fecf9f047349 -NonStateChangingEventPortName:HostProcess-68c05f0e-4f13-4048-abd8-c381e56eb8aa -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:09304ba6-0e2d-4ff9-953a-e4364413fc01 -DeviceGroupId:WpdFsGroup
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe"
"C:\Program Files\Tablet\Wacom\WacomHost.exe" "C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8036 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8036 CREDAT:464190 /prefetch:2
C:\Windows\system32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe -Embedding
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Internet Explorer\iexplore.exe" -w "C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Kontakty Google.website"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6376 CREDAT:267521 APPID:Microsoft.Website.9CB8E698.2C6141EE /prefetch:2
"C:\Program Files (x86)\Evernote\Evernote\Evernote.exe"
"C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe"
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe -Embedding
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe36_ Global\UsGthrCtrlFltPipeMssGthrPipe36 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8036 CREDAT:1578264 /prefetch:2
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\sysWow64\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2651325880-1400402914-218468842-100037_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2651325880-1400402914-218468842-100037 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\PC\Downloads\RSITx64 (1).exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2651325880-1400402914-218468842-1000Core.job - C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2651325880-1400402914-218468842-1000UA.job - C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\hh53w9lz.default

prefs.js - "browser.startup.homepage" - "seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15 172640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-19 11613288]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1744152]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 2345848]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 2320752]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2013-08-21 519504]
"MFNetworkScanUtility"=C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [2012-09-27 486552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-06-02 28785792]
"Viber"=C:\Users\PC\AppData\Local\Viber\Viber.exe [2015-06-10 80035536]
"Dropbox Update"=C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 134512]
"SafeInCloud"=C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2015-06-30 2664960]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-07-17 8418584]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [2015-07-12 563416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1637496]
"PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2013-04-24 740888]
"Philips Device Listener"=C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [2012-03-19 380416]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2014-03-05 7830704]
"AcronisTibMounterMonitor"=C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2013-10-10 1104104]
""= []
"Display"=C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30 334896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
Canon LBP5100 Status Window.lnk - C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE
Dell Display Manager.lnk - C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
Philips SA4VBE Device Manager.lnk - C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe

C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 68376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-05 17:25:26 ----D---- C:\AdwCleaner
2015-08-05 16:12:36 ----D---- C:\rsit
2015-08-05 16:12:36 ----D---- C:\Program Files\trend micro
2015-08-05 10:50:50 ----A---- C:\Windows\system32\klfphc.dll
2015-08-05 10:50:46 ----D---- C:\Windows\ELAMBKUP
2015-08-05 10:50:46 ----D---- C:\ProgramData\Kaspersky Lab
2015-08-05 10:50:46 ----D---- C:\Program Files (x86)\Kaspersky Lab
2015-08-05 10:50:45 ----A---- C:\ProgramData\ntuser.dat
2015-08-05 10:50:42 ----A---- C:\Windows\system32\drivers\klif.sys
2015-08-05 10:50:42 ----A---- C:\Windows\system32\drivers\klflt.sys
2015-08-05 08:32:15 ----D---- C:\Program Files\CCleaner
2015-07-29 08:23:59 ----A---- C:\Windows\system32\invagent.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\generaltel.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\devinv.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-07-29 08:23:59 ----A---- C:\Windows\system32\appraiser.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\aepdu.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\aeinv.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\acmigration.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\lpk.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\fontsub.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\dciman32.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\atmlib.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\atmfd.dll
2015-07-15 08:34:56 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\urlmon.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\mshtml.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\ieui.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\ieframe.dll
2015-07-15 08:34:53 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-07-15 08:34:53 ----A---- C:\Windows\system32\iertutil.dll
2015-07-15 08:32:23 ----A---- C:\Windows\SYSWOW64\cewmdm.dll
2015-07-15 08:32:23 ----A---- C:\Windows\system32\cewmdm.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuwebv.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wups2.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wups.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wudriver.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wucltux.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuaueng.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuauclt.exe
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuapp.exe
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuapi.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-07-15 08:32:05 ----A---- C:\Windows\system32\win32k.sys
2015-07-15 08:32:04 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-07-15 08:32:04 ----A---- C:\Windows\system32\gdi32.dll
2015-07-15 08:32:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-07-15 08:32:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-07-15 08:32:03 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-15 08:32:03 ----A---- C:\Windows\system32\jscript9.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\iernonce.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-07-15 08:31:44 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 08:31:44 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 08:31:44 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-15 08:31:43 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\iesetup.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\vbscript.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-15 08:31:42 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\wininet.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\jscript.dll
2015-07-15 08:31:40 ----A---- C:\Windows\system32\msrating.dll
2015-07-15 08:31:40 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-15 08:27:50 ----A---- C:\Windows\SYSWOW64\ole32.dll
2015-07-15 08:27:50 ----A---- C:\Windows\system32\ole32.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\wintrust.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\crypt32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\wdigest.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\sspicli.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\schannel.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\secur32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\rpcrt4.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msobjs.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msaudite.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\lsass.exe
2015-07-15 08:27:46 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\kerberos.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\cryptbase.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\credssp.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\auditpol.exe
2015-07-15 08:27:46 ----A---- C:\Windows\system32\adtschema.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msi.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msimsg.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msihnd.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msiexec.exe
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msi.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\consent.exe
2015-07-15 08:27:42 ----A---- C:\Windows\system32\authui.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\appinfo.dll
2015-07-13 11:45:47 ----D---- C:\Program Files (x86)\GO Contact Sync Mod
2015-07-10 09:00:38 ----D---- C:\Program Files (x86)\Safe In Cloud

======List of files/folders modified in the last 1 month======

2015-08-05 19:25:30 ----D---- C:\Windows\Temp
2015-08-05 19:17:38 ----D---- C:\Users\PC\AppData\Roaming\Skype
2015-08-05 17:37:34 ----D---- C:\Windows\System32
2015-08-05 17:37:34 ----D---- C:\Windows\inf
2015-08-05 17:37:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-05 17:34:02 ----A---- C:\Windows\SYSWOW64\log.txt
2015-08-05 17:31:56 ----D---- C:\Users\PC\AppData\Roaming\Dropbox
2015-08-05 17:31:51 ----D---- C:\Users\PC\AppData\Roaming\ViberPC
2015-08-05 17:31:40 ----SHD---- C:\System Volume Information
2015-08-05 17:31:38 ----D---- C:\ProgramData\NVIDIA
2015-08-05 17:30:56 ----D---- C:\Windows\system32\config
2015-08-05 17:30:19 ----RD---- C:\Program Files (x86)
2015-08-05 17:30:19 ----HD---- C:\ProgramData
2015-08-05 16:12:36 ----D---- C:\Program Files
2015-08-05 14:56:03 ----D---- C:\Users\PC\AppData\Roaming\TeamViewer
2015-08-05 13:27:43 ----A---- C:\Windows\SYSWOW64\PCPELog.txt
2015-08-05 13:27:38 ----D---- C:\Windows\system32\catroot
2015-08-05 11:05:07 ----SHD---- C:\Windows\Installer
2015-08-05 11:05:06 ----D---- C:\Windows\system32\drivers
2015-08-05 11:05:02 ----D---- C:\Windows\system32\DriverStore
2015-08-05 10:50:46 ----D---- C:\Windows
2015-08-05 10:48:33 ----D---- C:\ProgramData\AVAST Software
2015-08-05 08:34:18 ----D---- C:\Windows\Panther
2015-08-05 08:34:18 ----D---- C:\Windows\Minidump
2015-08-05 08:34:18 ----D---- C:\Windows\Logs
2015-08-05 08:34:18 ----D---- C:\Windows\debug
2015-08-05 08:32:17 ----D---- C:\Windows\system32\Tasks
2015-07-29 14:25:41 ----SD---- C:\Windows\system32\CompatTel
2015-07-29 08:23:42 ----D---- C:\Windows\winsxs
2015-07-29 08:23:22 ----D---- C:\Windows\SoftwareDistribution
2015-07-28 17:49:34 ----D---- C:\Windows\SysWOW64
2015-07-28 17:49:34 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-07-28 14:01:59 ----D---- C:\Users\PC\AppData\Roaming\GoContactSyncMOD
2015-07-27 08:18:09 ----SD---- C:\Windows\system32\GWX
2015-07-16 13:52:50 ----D---- C:\Windows\Tasks
2015-07-16 13:16:50 ----D---- C:\Windows\rescache
2015-07-16 07:58:57 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-16 07:58:57 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-07-16 07:58:57 ----D---- C:\Windows\system32\cs-CZ
2015-07-16 07:58:57 ----D---- C:\Windows\PolicyDefinitions
2015-07-16 07:58:56 ----D---- C:\Windows\SYSWOW64\en-US
2015-07-16 07:58:56 ----D---- C:\Windows\system32\wbem
2015-07-16 07:58:56 ----D---- C:\Windows\system32\en-US
2015-07-16 07:58:56 ----D---- C:\Windows\system32\appraiser
2015-07-16 07:58:56 ----D---- C:\Windows\AppPatch
2015-07-16 07:58:56 ----D---- C:\Program Files\Internet Explorer
2015-07-16 07:58:56 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-15 19:16:18 ----D---- C:\ProgramData\Microsoft Help
2015-07-15 19:14:02 ----D---- C:\Windows\system32\MRT
2015-07-15 11:14:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-15 08:27:25 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK); C:\Windows\system32\DRIVERS\cm_km_w.sys [2015-08-05 247016]
R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2013-11-25 116000]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-08-05 478392]
R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2010-10-06 179752]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2013-11-25 269600]
R0 tib;Acronis TIB Manager; C:\Windows\system32\DRIVERS\tib.sys [2013-11-25 1120032]
R0 tib_mounter;Acronis TIB Mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [2013-11-25 198432]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2013-11-25 161568]
R0 vidsflt;Acronis Disk Storage Filter; C:\Windows\system32\DRIVERS\vidsflt.sys [2013-11-25 117024]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2015-08-05 225976]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2015-08-05 850608]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2015-08-05 39280]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2015-08-05 24944]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-08-05 65208]
R1 Klwtp;Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [2015-08-05 85360]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-08-05 190648]
R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2015-08-05 64368]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2014-03-28 367200]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-05 27512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-08-05 159960]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-08-05 40304]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-08-05 39280]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys [2009-11-05 34160]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 74376]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
S3 hidkmdf;KMDF Driver; C:\Windows\system32\DRIVERS\hidkmdf.sys [2014-03-17 14136]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
S3 HtcVCom32;HTC Diagnostic Port; C:\Windows\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2014-03-28 1464096]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WacHidRouter;Wacom Hid Router; C:\Windows\system32\DRIVERS\wachidrouter.sys [2014-03-17 95032]
S3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2014-03-17 15160]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 klkbdflt2;Kaspersky Lab KlKbdFlt2; C:\Windows\system32\DRIVERS\klkbdflt2.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2013-08-21 1144688]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-04-30 81088]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-03-28 3869688]
R2 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 AVP15.0.2;Služba Kaspersky Anti-Virus 15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [2015-08-05 194000]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-04-24 483864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 syncagentsrv;Acronis Sync Agent Service; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-02-04 7149264]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RapiMgr;Připojení zařízení se systémem Windows Mobile; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 WcesComm;Připojení zařízení se systémem Windows Mobile 2003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-02-26 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-06-20 114688]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 359192]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-29 148080]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 05 srp 2015 18:57
od Rudy
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:files
C:\Program Files (x86)\Google\Google Toolbar
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]/64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 05 srp 2015 19:21
od bub60
Provedl jsem a zasílám log po spuštění počítače:

All processes killed
========== FILES ==========
C:\Program Files (x86)\Google\Google Toolbar\Component folder moved successfully.
C:\Program Files (x86)\Google\Google Toolbar folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PC
->Temp folder emptied: 54531302 bytes
->Temporary Internet Files folder emptied: 93139676 bytes
->Java cache emptied: 10632763 bytes
->FireFox cache emptied: 61112787 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57750 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98249744 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10709118 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42307449 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 745 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 354,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: PC
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 08052015_202002

Files moved on Reboot...
C:\Users\PC\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SU4EM0OS\402-otm-oldtimers-move-it[1].htm moved successfully.
File C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OODEGHG5\pixel[1].htm not found!
File C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OODEGHG5\s2[1].htm not found!
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2Q8YC57\afr[1].htm moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2Q8YC57\afr[2].htm moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GE0BEAED\viewtopic[2].htm moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\52ICYUE4\context[1].htm moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3KACVL8B\context[1].htm moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File C:\Windows\temp\obu79F3.tmp not found!
File C:\Windows\temp\obu7A13.tmp not found!
File C:\Windows\temp\obu7A33.tmp not found!
File C:\Windows\temp\obu7A63.tmp not found!
File C:\Windows\temp\obu7A83.tmp not found!
File C:\Windows\temp\obu7AA4.tmp not found!
File C:\Windows\temp\obu7AC4.tmp not found!
File C:\Windows\temp\obu7AE4.tmp not found!
File C:\Windows\temp\obu7C3C.tmp not found!
File C:\Windows\temp\obuC8D7.tmp not found!
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 05 srp 2015 19:24
od bub60
A Tady je nový log RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2015-08-05 20:29:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 29 GB (25%) free of 114 GB
Total RAM: 8159 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:29:31, on 5.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\PC\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Safe Money Plugin - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Viber] "C:\Users\PC\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [SafeInCloud] "C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O4 - Global Startup: Canon LBP5100 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE
O4 - Global Startup: Dell Display Manager.lnk = C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
O4 - Global Startup: Philips SA4VBE Device Manager.lnk = C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Vystřihnout obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Vystřihnout URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Vystřihnout záložku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Virtuální klávesnice - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Služba Kaspersky Anti-Virus 15.0.2 (AVP15.0.2) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 15358 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe" -r
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe"
taskeng.exe {BA914723-3FEE-46EB-BC39-F5251092CC02}
taskeng.exe {01A595E2-0C56-46C1-9B78-203126BA0F8B}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\CNAC6RPD.EXE
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe" -hidden
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe"
"C:\Program Files\Tablet\Wacom\WacomHost.exe" "C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\PC\AppData\Local\Viber\Viber.exe" StartMinimized
KHALMNPR.EXE /API
"C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
"C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"
"C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7768 CREDAT:267521 /prefetch:2
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9a56eea0-bc93-4117-a6c6-203504575943 -SystemEventPortName:HostProcess-5a7422a8-87ae-4db3-bfdd-f6668c79897c -IoCancelEventPortName:HostProcess-a4b7fb06-4afa-4b55-873b-f0535a269771 -NonStateChangingEventPortName:HostProcess-fd391e01-e393-4705-80f0-00add9cde56c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:cb6859e6-3d48-4e9d-bbe9-62ec1967a9c6 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2651325880-1400402914-218468842-10004_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2651325880-1400402914-218468842-10004 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9V6NKJBV\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2651325880-1400402914-218468842-1000Core.job - C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2651325880-1400402914-218468842-1000UA.job - C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\hh53w9lz.default

prefs.js - "browser.startup.homepage" - "seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-19 11613288]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1744152]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 2345848]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 2320752]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2013-08-21 519504]
"MFNetworkScanUtility"=C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [2012-09-27 486552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-06-02 28785792]
"Viber"=C:\Users\PC\AppData\Local\Viber\Viber.exe [2015-06-10 80035536]
"Dropbox Update"=C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 134512]
"SafeInCloud"=C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2015-06-30 2664960]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-07-17 8418584]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [2015-07-12 563416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1637496]
"PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2013-04-24 740888]
"Philips Device Listener"=C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [2012-03-19 380416]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2014-03-05 7830704]
"AcronisTibMounterMonitor"=C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2013-10-10 1104104]
""= []
"Display"=C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
Canon LBP5100 Status Window.lnk - C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE
Dell Display Manager.lnk - C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
Philips SA4VBE Device Manager.lnk - C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe

C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 68376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-05 20:20:02 ----D---- C:\_OTM
2015-08-05 17:25:26 ----D---- C:\AdwCleaner
2015-08-05 16:12:36 ----D---- C:\rsit
2015-08-05 16:12:36 ----D---- C:\Program Files\trend micro
2015-08-05 10:50:50 ----A---- C:\Windows\system32\klfphc.dll
2015-08-05 10:50:46 ----D---- C:\Windows\ELAMBKUP
2015-08-05 10:50:46 ----D---- C:\ProgramData\Kaspersky Lab
2015-08-05 10:50:46 ----D---- C:\Program Files (x86)\Kaspersky Lab
2015-08-05 10:50:45 ----A---- C:\ProgramData\ntuser.dat
2015-08-05 10:50:42 ----A---- C:\Windows\system32\drivers\klif.sys
2015-08-05 10:50:42 ----A---- C:\Windows\system32\drivers\klflt.sys
2015-08-05 08:32:15 ----D---- C:\Program Files\CCleaner
2015-07-29 08:23:59 ----A---- C:\Windows\system32\invagent.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\generaltel.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\devinv.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-07-29 08:23:59 ----A---- C:\Windows\system32\appraiser.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\aepdu.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\aeinv.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\acmigration.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\lpk.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\fontsub.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\dciman32.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\atmlib.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\atmfd.dll
2015-07-15 08:34:56 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\urlmon.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\mshtml.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\ieui.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\ieframe.dll
2015-07-15 08:34:53 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-07-15 08:34:53 ----A---- C:\Windows\system32\iertutil.dll
2015-07-15 08:32:23 ----A---- C:\Windows\SYSWOW64\cewmdm.dll
2015-07-15 08:32:23 ----A---- C:\Windows\system32\cewmdm.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuwebv.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wups2.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wups.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wudriver.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wucltux.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuaueng.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuauclt.exe
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuapp.exe
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuapi.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-07-15 08:32:05 ----A---- C:\Windows\system32\win32k.sys
2015-07-15 08:32:04 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-07-15 08:32:04 ----A---- C:\Windows\system32\gdi32.dll
2015-07-15 08:32:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-07-15 08:32:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-07-15 08:32:03 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-15 08:32:03 ----A---- C:\Windows\system32\jscript9.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\iernonce.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-07-15 08:31:44 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 08:31:44 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 08:31:44 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-15 08:31:43 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\iesetup.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\vbscript.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-15 08:31:42 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\wininet.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\jscript.dll
2015-07-15 08:31:40 ----A---- C:\Windows\system32\msrating.dll
2015-07-15 08:31:40 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-15 08:27:50 ----A---- C:\Windows\SYSWOW64\ole32.dll
2015-07-15 08:27:50 ----A---- C:\Windows\system32\ole32.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\wintrust.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\crypt32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\wdigest.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\sspicli.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\schannel.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\secur32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\rpcrt4.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msobjs.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msaudite.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\lsass.exe
2015-07-15 08:27:46 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\kerberos.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\cryptbase.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\credssp.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\auditpol.exe
2015-07-15 08:27:46 ----A---- C:\Windows\system32\adtschema.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msi.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msimsg.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msihnd.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msiexec.exe
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msi.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\consent.exe
2015-07-15 08:27:42 ----A---- C:\Windows\system32\authui.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\appinfo.dll
2015-07-13 11:45:47 ----D---- C:\Program Files (x86)\GO Contact Sync Mod
2015-07-10 09:00:38 ----D---- C:\Program Files (x86)\Safe In Cloud

======List of files/folders modified in the last 1 month======

2015-08-05 20:29:31 ----D---- C:\Windows\Temp
2015-08-05 20:27:04 ----D---- C:\Windows\System32
2015-08-05 20:27:04 ----D---- C:\Windows\inf
2015-08-05 20:27:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-05 20:24:52 ----A---- C:\Windows\SYSWOW64\log.txt
2015-08-05 20:24:21 ----D---- C:\Users\PC\AppData\Roaming\Skype
2015-08-05 20:23:38 ----D---- C:\Users\PC\AppData\Roaming\Dropbox
2015-08-05 20:23:35 ----D---- C:\Users\PC\AppData\Roaming\ViberPC
2015-08-05 20:22:38 ----SHD---- C:\System Volume Information
2015-08-05 20:22:36 ----D---- C:\ProgramData\NVIDIA
2015-08-05 20:22:01 ----A---- C:\Windows\SYSWOW64\PCPELog.txt
2015-08-05 20:21:54 ----D---- C:\Windows\system32\config
2015-08-05 20:21:08 ----D---- C:\Windows\SysWOW64
2015-08-05 20:20:03 ----D---- C:\Windows\Tasks
2015-08-05 20:20:03 ----D---- C:\Program Files (x86)\Google
2015-08-05 17:30:19 ----RD---- C:\Program Files (x86)
2015-08-05 17:30:19 ----HD---- C:\ProgramData
2015-08-05 16:12:36 ----D---- C:\Program Files
2015-08-05 14:56:03 ----D---- C:\Users\PC\AppData\Roaming\TeamViewer
2015-08-05 13:27:38 ----D---- C:\Windows\system32\catroot
2015-08-05 11:05:07 ----SHD---- C:\Windows\Installer
2015-08-05 11:05:06 ----D---- C:\Windows\system32\drivers
2015-08-05 11:05:02 ----D---- C:\Windows\system32\DriverStore
2015-08-05 10:50:46 ----D---- C:\Windows
2015-08-05 10:48:33 ----D---- C:\ProgramData\AVAST Software
2015-08-05 08:34:18 ----D---- C:\Windows\Panther
2015-08-05 08:34:18 ----D---- C:\Windows\Minidump
2015-08-05 08:34:18 ----D---- C:\Windows\Logs
2015-08-05 08:34:18 ----D---- C:\Windows\debug
2015-08-05 08:32:17 ----D---- C:\Windows\system32\Tasks
2015-07-29 14:25:41 ----SD---- C:\Windows\system32\CompatTel
2015-07-29 08:23:42 ----D---- C:\Windows\winsxs
2015-07-29 08:23:22 ----D---- C:\Windows\SoftwareDistribution
2015-07-28 17:49:34 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-07-28 14:01:59 ----D---- C:\Users\PC\AppData\Roaming\GoContactSyncMOD
2015-07-27 08:18:09 ----SD---- C:\Windows\system32\GWX
2015-07-16 13:16:50 ----D---- C:\Windows\rescache
2015-07-16 07:58:57 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-16 07:58:57 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-07-16 07:58:57 ----D---- C:\Windows\system32\cs-CZ
2015-07-16 07:58:57 ----D---- C:\Windows\PolicyDefinitions
2015-07-16 07:58:56 ----D---- C:\Windows\SYSWOW64\en-US
2015-07-16 07:58:56 ----D---- C:\Windows\system32\wbem
2015-07-16 07:58:56 ----D---- C:\Windows\system32\en-US
2015-07-16 07:58:56 ----D---- C:\Windows\system32\appraiser
2015-07-16 07:58:56 ----D---- C:\Windows\AppPatch
2015-07-16 07:58:56 ----D---- C:\Program Files\Internet Explorer
2015-07-16 07:58:56 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-15 19:16:18 ----D---- C:\ProgramData\Microsoft Help
2015-07-15 19:14:02 ----D---- C:\Windows\system32\MRT
2015-07-15 11:14:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-15 08:27:25 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK); C:\Windows\system32\DRIVERS\cm_km_w.sys [2015-08-05 247016]
R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2013-11-25 116000]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-08-05 478392]
R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2010-10-06 179752]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2013-11-25 269600]
R0 tib;Acronis TIB Manager; C:\Windows\system32\DRIVERS\tib.sys [2013-11-25 1120032]
R0 tib_mounter;Acronis TIB Mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [2013-11-25 198432]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2013-11-25 161568]
R0 vidsflt;Acronis Disk Storage Filter; C:\Windows\system32\DRIVERS\vidsflt.sys [2013-11-25 117024]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2015-08-05 225976]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2015-08-05 850608]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2015-08-05 39280]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2015-08-05 24944]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-08-05 65208]
R1 Klwtp;Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [2015-08-05 85360]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-08-05 190648]
R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2015-08-05 64368]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2014-03-28 367200]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-05 27512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-08-05 159960]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-08-05 40304]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-08-05 39280]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys [2009-11-05 34160]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 74376]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
S3 hidkmdf;KMDF Driver; C:\Windows\system32\DRIVERS\hidkmdf.sys [2014-03-17 14136]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
S3 HtcVCom32;HTC Diagnostic Port; C:\Windows\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2014-03-28 1464096]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WacHidRouter;Wacom Hid Router; C:\Windows\system32\DRIVERS\wachidrouter.sys [2014-03-17 95032]
S3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2014-03-17 15160]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 klkbdflt2;Kaspersky Lab KlKbdFlt2; C:\Windows\system32\DRIVERS\klkbdflt2.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2013-08-21 1144688]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-04-30 81088]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-03-28 3869688]
R2 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 AVP15.0.2;Služba Kaspersky Anti-Virus 15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [2015-08-05 194000]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-04-24 483864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 syncagentsrv;Acronis Sync Agent Service; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-02-04 7149264]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-02-26 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-06-20 114688]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 359192]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-29 148080]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 RapiMgr;Připojení zařízení se systémem Windows Mobile; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-08 1255736]
S3 WcesComm;Připojení zařízení se systémem Windows Mobile 2003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 05 srp 2015 20:28
od Rudy
Dvouklikem na soubor C:\Program Files\trend micro\PC.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 06 srp 2015 07:24
od bub60
Registry jsem vyčistil. Pro kontrolu přikládám nový log. Můžete potvrdit, že je počítač čistý?
Předem Děkuji.

Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2015-08-06 08:29:05
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 29 GB (25%) free of 114 GB
Total RAM: 8159 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:29:06, on 6.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\PC\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\trend micro\PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Safe Money Plugin - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Viber] "C:\Users\PC\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [SafeInCloud] "C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O4 - Global Startup: Canon LBP5100 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE
O4 - Global Startup: Dell Display Manager.lnk = C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
O4 - Global Startup: Philips SA4VBE Device Manager.lnk = C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Vystřihnout obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Vystřihnout URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Vystřihnout záložku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Virtuální klávesnice - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Služba Kaspersky Anti-Virus 15.0.2 (AVP15.0.2) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 15359 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
taskeng.exe {00F1C8B9-E169-4D66-AC38-076CA775090C}
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskeng.exe {E8311E5D-8B79-4779-96E7-D6BB65BCFB98}
"C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe" -r
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe"
C:\Windows\system32\CNAC6RPD.EXE
"C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe" -hidden
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
KHALMNPR.EXE /API
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\PC\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe"
"C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"
"C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6044 CREDAT:267521 /prefetch:2
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-021989b8-aae4-4495-a471-8181e7133cff -SystemEventPortName:HostProcess-1c3ffa48-7c2f-4347-b61a-a42f821b9652 -IoCancelEventPortName:HostProcess-6cf93195-31f6-4154-a2e6-814e933e7202 -NonStateChangingEventPortName:HostProcess-edb80007-a2f3-4fe5-b565-927854690e16 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:752df2cd-7523-415c-81cd-27d92a3e2ea0 -DeviceGroupId:WpdFsGroup
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe -Embedding
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe"
"C:\Program Files\Tablet\Wacom\WacomHost.exe" "C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6044 CREDAT:2168080 /prefetch:2
taskmgr.exe /3
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\DllHost.exe /Processid:{1EF75F33-893B-4E8F-9655-C3D602BA4897}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\PC\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2651325880-1400402914-218468842-1000Core.job - C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2651325880-1400402914-218468842-1000UA.job - C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\hh53w9lz.default

prefs.js - "browser.startup.homepage" - "seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23 1865000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-19 11613288]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1744152]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 2345848]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 2320752]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2013-08-21 519504]
"MFNetworkScanUtility"=C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [2012-09-27 486552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-06-02 28785792]
"Viber"=C:\Users\PC\AppData\Local\Viber\Viber.exe [2015-06-10 80035536]
"Dropbox Update"=C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 134512]
"SafeInCloud"=C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2015-06-30 2664960]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-07-17 8418584]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [2015-07-12 563416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1637496]
"PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2013-04-24 740888]
"Philips Device Listener"=C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [2012-03-19 380416]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2014-03-05 7830704]
"AcronisTibMounterMonitor"=C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2013-10-10 1104104]
""= []
"Display"=C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
Canon LBP5100 Status Window.lnk - C:\Windows\System32\spool\drivers\x64\3\CNAC6LAD.EXE
Dell Display Manager.lnk - C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
Philips SA4VBE Device Manager.lnk - C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe

C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 68376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-06 08:24:34 ----D---- C:\rsit
2015-08-05 17:25:26 ----D---- C:\AdwCleaner
2015-08-05 16:12:36 ----D---- C:\Program Files\trend micro
2015-08-05 10:50:50 ----A---- C:\Windows\system32\klfphc.dll
2015-08-05 10:50:46 ----D---- C:\Windows\ELAMBKUP
2015-08-05 10:50:46 ----D---- C:\ProgramData\Kaspersky Lab
2015-08-05 10:50:46 ----D---- C:\Program Files (x86)\Kaspersky Lab
2015-08-05 10:50:45 ----A---- C:\ProgramData\ntuser.dat
2015-08-05 10:50:42 ----A---- C:\Windows\system32\drivers\klif.sys
2015-08-05 10:50:42 ----A---- C:\Windows\system32\drivers\klflt.sys
2015-08-05 08:32:15 ----D---- C:\Program Files\CCleaner
2015-07-29 08:23:59 ----A---- C:\Windows\system32\invagent.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\generaltel.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\devinv.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-07-29 08:23:59 ----A---- C:\Windows\system32\appraiser.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\aepdu.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\aeinv.dll
2015-07-29 08:23:59 ----A---- C:\Windows\system32\acmigration.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-07-21 08:15:27 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\lpk.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\fontsub.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\dciman32.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\atmlib.dll
2015-07-21 08:15:27 ----A---- C:\Windows\system32\atmfd.dll
2015-07-15 08:34:56 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-07-15 08:34:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\urlmon.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\mshtml.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\ieui.dll
2015-07-15 08:34:54 ----A---- C:\Windows\system32\ieframe.dll
2015-07-15 08:34:53 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-07-15 08:34:53 ----A---- C:\Windows\system32\iertutil.dll
2015-07-15 08:32:23 ----A---- C:\Windows\SYSWOW64\cewmdm.dll
2015-07-15 08:32:23 ----A---- C:\Windows\system32\cewmdm.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-07-15 08:32:22 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuwebv.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wups2.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wups.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wudriver.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wucltux.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuaueng.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuauclt.exe
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuapp.exe
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wuapi.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 08:32:22 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-07-15 08:32:05 ----A---- C:\Windows\system32\win32k.sys
2015-07-15 08:32:04 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-07-15 08:32:04 ----A---- C:\Windows\system32\gdi32.dll
2015-07-15 08:32:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-07-15 08:32:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-07-15 08:32:03 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-15 08:32:03 ----A---- C:\Windows\system32\jscript9.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-07-15 08:31:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\iernonce.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-15 08:31:45 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-07-15 08:31:44 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-07-15 08:31:44 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 08:31:44 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 08:31:44 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-15 08:31:43 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\iesetup.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-15 08:31:43 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-07-15 08:31:42 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\vbscript.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-15 08:31:42 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-15 08:31:42 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\wininet.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-15 08:31:41 ----A---- C:\Windows\system32\jscript.dll
2015-07-15 08:31:40 ----A---- C:\Windows\system32\msrating.dll
2015-07-15 08:31:40 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-15 08:27:50 ----A---- C:\Windows\SYSWOW64\ole32.dll
2015-07-15 08:27:50 ----A---- C:\Windows\system32\ole32.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-07-15 08:27:49 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\wintrust.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-15 08:27:49 ----A---- C:\Windows\system32\crypt32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-07-15 08:27:46 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\wdigest.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\sspicli.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\schannel.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\secur32.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\rpcrt4.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msobjs.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\msaudite.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\lsass.exe
2015-07-15 08:27:46 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\kerberos.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-15 08:27:46 ----A---- C:\Windows\system32\cryptbase.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\credssp.dll
2015-07-15 08:27:46 ----A---- C:\Windows\system32\auditpol.exe
2015-07-15 08:27:46 ----A---- C:\Windows\system32\adtschema.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\msi.dll
2015-07-15 08:27:42 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msimsg.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msihnd.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msiexec.exe
2015-07-15 08:27:42 ----A---- C:\Windows\system32\msi.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\consent.exe
2015-07-15 08:27:42 ----A---- C:\Windows\system32\authui.dll
2015-07-15 08:27:42 ----A---- C:\Windows\system32\appinfo.dll
2015-07-13 11:45:47 ----D---- C:\Program Files (x86)\GO Contact Sync Mod
2015-07-10 09:00:38 ----D---- C:\Program Files (x86)\Safe In Cloud

======List of files/folders modified in the last 1 month======

2015-08-06 08:29:05 ----D---- C:\Windows\Temp
2015-08-06 08:23:16 ----D---- C:\Windows\System32
2015-08-06 08:23:16 ----D---- C:\Windows\inf
2015-08-06 08:23:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-06 08:21:49 ----D---- C:\Windows\system32\config
2015-08-06 08:20:59 ----A---- C:\Windows\SYSWOW64\log.txt
2015-08-06 08:19:39 ----D---- C:\Users\PC\AppData\Roaming\Skype
2015-08-06 08:18:29 ----D---- C:\Users\PC\AppData\Roaming\Dropbox
2015-08-06 08:18:21 ----D---- C:\Users\PC\AppData\Roaming\ViberPC
2015-08-06 08:18:13 ----SHD---- C:\System Volume Information
2015-08-06 08:18:11 ----D---- C:\ProgramData\NVIDIA
2015-08-05 20:57:00 ----A---- C:\Windows\SYSWOW64\PCPELog.txt
2015-08-05 20:21:08 ----D---- C:\Windows\SysWOW64
2015-08-05 20:20:03 ----D---- C:\Windows\Tasks
2015-08-05 20:20:03 ----D---- C:\Program Files (x86)\Google
2015-08-05 17:30:19 ----RD---- C:\Program Files (x86)
2015-08-05 17:30:19 ----HD---- C:\ProgramData
2015-08-05 16:12:36 ----D---- C:\Program Files
2015-08-05 14:56:03 ----D---- C:\Users\PC\AppData\Roaming\TeamViewer
2015-08-05 13:27:38 ----D---- C:\Windows\system32\catroot
2015-08-05 11:05:07 ----SHD---- C:\Windows\Installer
2015-08-05 11:05:06 ----D---- C:\Windows\system32\drivers
2015-08-05 11:05:02 ----D---- C:\Windows\system32\DriverStore
2015-08-05 10:50:46 ----D---- C:\Windows
2015-08-05 10:48:33 ----D---- C:\ProgramData\AVAST Software
2015-08-05 08:34:18 ----D---- C:\Windows\Panther
2015-08-05 08:34:18 ----D---- C:\Windows\Minidump
2015-08-05 08:34:18 ----D---- C:\Windows\Logs
2015-08-05 08:34:18 ----D---- C:\Windows\debug
2015-08-05 08:32:17 ----D---- C:\Windows\system32\Tasks
2015-07-29 14:25:41 ----SD---- C:\Windows\system32\CompatTel
2015-07-29 08:23:42 ----D---- C:\Windows\winsxs
2015-07-29 08:23:22 ----D---- C:\Windows\SoftwareDistribution
2015-07-28 17:49:34 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-07-28 14:01:59 ----D---- C:\Users\PC\AppData\Roaming\GoContactSyncMOD
2015-07-27 08:18:09 ----SD---- C:\Windows\system32\GWX
2015-07-16 13:16:50 ----D---- C:\Windows\rescache
2015-07-16 07:58:57 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-16 07:58:57 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-07-16 07:58:57 ----D---- C:\Windows\system32\cs-CZ
2015-07-16 07:58:57 ----D---- C:\Windows\PolicyDefinitions
2015-07-16 07:58:56 ----D---- C:\Windows\SYSWOW64\en-US
2015-07-16 07:58:56 ----D---- C:\Windows\system32\wbem
2015-07-16 07:58:56 ----D---- C:\Windows\system32\en-US
2015-07-16 07:58:56 ----D---- C:\Windows\system32\appraiser
2015-07-16 07:58:56 ----D---- C:\Windows\AppPatch
2015-07-16 07:58:56 ----D---- C:\Program Files\Internet Explorer
2015-07-16 07:58:56 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-15 19:16:18 ----D---- C:\ProgramData\Microsoft Help
2015-07-15 19:14:02 ----D---- C:\Windows\system32\MRT
2015-07-15 11:14:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-15 08:27:25 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK); C:\Windows\system32\DRIVERS\cm_km_w.sys [2015-08-05 247016]
R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2013-11-25 116000]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-08-05 478392]
R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2010-10-06 179752]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2013-11-25 269600]
R0 tib;Acronis TIB Manager; C:\Windows\system32\DRIVERS\tib.sys [2013-11-25 1120032]
R0 tib_mounter;Acronis TIB Mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [2013-11-25 198432]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2013-11-25 161568]
R0 vidsflt;Acronis Disk Storage Filter; C:\Windows\system32\DRIVERS\vidsflt.sys [2013-11-25 117024]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2015-08-05 225976]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2015-08-05 850608]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2015-08-05 39280]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2015-08-05 24944]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-08-05 65208]
R1 Klwtp;Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [2015-08-05 85360]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-08-05 190648]
R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2015-08-05 64368]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2014-03-28 367200]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-05 27512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-08-05 159960]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-08-05 40304]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-08-05 39280]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys [2009-11-05 34160]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 74376]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
S3 hidkmdf;KMDF Driver; C:\Windows\system32\DRIVERS\hidkmdf.sys [2014-03-17 14136]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
S3 HtcVCom32;HTC Diagnostic Port; C:\Windows\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2014-03-28 1464096]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WacHidRouter;Wacom Hid Router; C:\Windows\system32\DRIVERS\wachidrouter.sys [2014-03-17 95032]
S3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2014-03-17 15160]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 klkbdflt2;Kaspersky Lab KlKbdFlt2; C:\Windows\system32\DRIVERS\klkbdflt2.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2013-08-21 1144688]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-04-30 81088]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-03-28 3869688]
R2 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 AVP15.0.2;Služba Kaspersky Anti-Virus 15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [2015-08-05 194000]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-04-24 483864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 syncagentsrv;Acronis Sync Agent Service; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-02-04 7149264]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-02-26 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-06-20 114688]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 359192]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-29 148080]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 RapiMgr;Připojení zařízení se systémem Windows Mobile; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-08 1255736]
S3 WcesComm;Připojení zařízení se systémem Windows Mobile 2003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 06 srp 2015 16:35
od Rudy
Ještě bych pro jistotu udělal kompletní sken MBAM: http://www.malwarebytes.org/mbam.php . Dejte log a předem nic nemažte.

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 06 srp 2015 16:57
od bub60
Děkuji, mohu považovat PC za bezpečný? Ještě jednou velice děkuji.
Přikládám log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 6.8.2015
Čas skenování: 17:52
Protokol: Malwarebytes.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.06.05
Databáze rootkitů: v2015.08.04.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: PC

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 403841
Uplynulý čas: 5 min, 35 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 4
PUP.Optional.IFEO.F, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOLARO, , [7528a362bfcc5adc42780d9f0ef64ab6],
PUP.Optional.IFEO.F, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VONTEERA, , [0598fe07f497fa3cf6c5218bbb49a759],
PUP.Optional.IFEO.F, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOLARO, , [25787c89d2b966d07d3d35773dc7c53b],
PUP.Optional.IFEO.F, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VONTEERA, , [4a53fd085d2ea6902c8f842849bb7d83],

Hodnoty registru: 4
PUP.Optional.IFEO.F, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOLARO|debugger, tasklist.exe, , [7528a362bfcc5adc42780d9f0ef64ab6]
PUP.Optional.IFEO.F, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VONTEERA|debugger, tasklist.exe, , [0598fe07f497fa3cf6c5218bbb49a759]
PUP.Optional.IFEO.F, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOLARO|debugger, tasklist.exe, , [25787c89d2b966d07d3d35773dc7c53b]
PUP.Optional.IFEO.F, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VONTEERA|debugger, tasklist.exe, , [4a53fd085d2ea6902c8f842849bb7d83]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 06 srp 2015 17:40
od Rudy
Všechny nalezné položky smažte. Tím by měl být PC čistý.

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 07 srp 2015 07:48
od bub60
Velice děkuji. :-)

Re: podezreneni na Trojan-Downloader.MSWord.Agent.qd

Napsal: 07 srp 2015 17:07
od Rudy
Rádo se stalo! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz