
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Log check request
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check my log. I opened a bad e-mail and I suspect that something is running in the background.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Henrich at 2017-01-26 23:51:42
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 536 GB (77%) free of 699 GB
Total RAM: 8105 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:51:43, on 26.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Users\Henrich\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Henrich.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [HP File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\Henrich\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Služba HP Trust Circles (CreoService) - CryptoMill Technologies Ltd. - C:\Program Files\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
O23 - Service: Absolute Software Agent Service (CtAgentService) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP File Sanitizer (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13923 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
atieclxx
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 23499504
\??\C:\Windows\system32\conhost.exe "-1510647222897192560-2130625110-685290175-519938487-17524098062128275819-509475200
"C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe"
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files\Hewlett-Packard\HP Trust Circles\CreoSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe"
"c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe"
"c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\system32\Dwm.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE"
"C:\Windows\RtsCM64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Users\Henrich\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Windows\SysWOW64\RunDll32.exe" "c:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
rundll32 "C:\Program Files\ESET\ESET Smart Security\x86\eplgHooks.dll",Proc32_HooksLoop
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
-Minimized
"c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\HP\Shared\hpqwmiex.exe"
taskeng.exe {EEF291CE-77DA-465D-86BA-733F0B121E0B}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Henrich\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForHenrich.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForHenrich (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Henrich\AppData\Roaming\Mozilla\Firefox\Profiles\iu8qkcj6.default
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Users\Henrich\AppData\Roaming\Mozilla\Firefox\Profiles\iu8qkcj6.default\extensions\
bingsearch.full@microsoft.com
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13 229064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01 896288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01 2351920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23 440712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
HP File Sanitizer - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-08-07 129240]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01 720160]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23 416320]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-08-16 1703424]
"Broadcom Wireless Manager UI"=C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2014-02-28 7032320]
"RtsCM"=C:\Windows\RTSCM64.EXE [2013-08-02 147160]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-04 2774256]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2015-06-01 36352]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2016-03-23 382072]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe []
"Persistence"=C:\Windows\system32\igfxpers.exe []
""= []
"CryptoMill Refresh"=C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\Henrich\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-12 144008]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HPConnectionManager"=c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2013-09-18 185144]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2016-10-26 296216]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2013-07-25 77088]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe []
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2013-06-24 167488]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05 111576]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2013-08-07 490760]
"HP File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2013-08-07 2213592]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2014-05-16 336672]
""= []
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-19 767176]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2016-08-10 1193728]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2017-01-11 22:03:33 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-01-11 22:03:33 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-01-11 22:03:33 ----A---- C:\Windows\system32\drivers\srv.sys
2017-01-11 22:03:22 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-01-11 22:03:22 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-01-11 22:03:22 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-01-11 22:03:22 ----A---- C:\Windows\system32\iertutil.dll
2017-01-11 22:03:22 ----A---- C:\Windows\system32\iernonce.dll
2017-01-11 22:03:22 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-01-11 22:03:22 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-01-11 22:03:21 ----A---- C:\Windows\system32\inseng.dll
2017-01-11 22:03:21 ----A---- C:\Windows\system32\ie4uinit.exe
2017-01-11 22:03:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-01-11 22:03:20 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-01-11 22:03:20 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-01-11 22:03:20 ----A---- C:\Windows\system32\UtcResources.dll
2017-01-11 22:03:20 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-01-11 22:03:19 ----A---- C:\Windows\system32\urlmon.dll
2017-01-11 22:03:19 ----A---- C:\Windows\system32\occache.dll
2017-01-11 22:03:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-01-11 22:03:19 ----A---- C:\Windows\system32\iedkcs32.dll
2017-01-11 22:03:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-01-11 22:03:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-01-11 22:03:18 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-01-11 22:03:18 ----A---- C:\Windows\system32\msfeeds.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\iesetup.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\ieapfltr.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\dxtrans.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\diagtrack.dll
2017-01-11 22:03:17 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-01-11 22:03:17 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-01-11 22:03:17 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-01-11 22:03:17 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-01-11 22:03:17 ----A---- C:\Windows\system32\vbscript.dll
2017-01-11 22:03:17 ----A---- C:\Windows\system32\jsproxy.dll
2017-01-11 22:03:17 ----A---- C:\Windows\system32\ieUnatt.exe
2017-01-11 22:03:16 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-01-11 22:03:16 ----A---- C:\Windows\system32\ieui.dll
2017-01-11 22:03:16 ----A---- C:\Windows\system32\ieframe.dll
2017-01-11 22:03:16 ----A---- C:\Windows\system32\dxtmsft.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\webcheck.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\mshtmled.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\jscript9diag.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\jscript9.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\jscript.dll
2017-01-11 22:03:14 ----A---- C:\Windows\system32\wininet.dll
2017-01-11 22:03:14 ----A---- C:\Windows\system32\msrating.dll
2017-01-11 22:03:14 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-01-11 22:03:13 ----A---- C:\Windows\system32\mshtml.dll
2017-01-11 22:03:12 ----A---- C:\Windows\system32\wmp.dll
2017-01-11 22:03:11 ----A---- C:\Windows\SYSWOW64\wmp.dll
2017-01-11 22:03:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-01-11 22:03:09 ----A---- C:\Windows\SYSWOW64\mf.dll
2017-01-11 22:03:09 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\win32k.sys
2017-01-11 22:03:09 ----A---- C:\Windows\system32\MSVidCtl.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\mf.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\FntCache.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\DWrite.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\blackbox.dll
2017-01-11 22:03:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-01-11 22:03:08 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-01-11 22:03:08 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2017-01-11 22:03:08 ----A---- C:\Windows\system32\WsmSvc.dll
2017-01-11 22:03:08 ----A---- C:\Windows\system32\drmv2clt.dll
2017-01-11 22:03:07 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2017-01-11 22:03:07 ----A---- C:\Windows\SYSWOW64\msi.dll
2017-01-11 22:03:07 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2017-01-11 22:03:07 ----A---- C:\Windows\system32\ntdll.dll
2017-01-11 22:03:07 ----A---- C:\Windows\system32\msi.dll
2017-01-11 22:03:06 ----A---- C:\Windows\SYSWOW64\MSVidCtl.dll
2017-01-11 22:03:06 ----A---- C:\Windows\system32\scavengeui.dll
2017-01-11 22:03:06 ----A---- C:\Windows\system32\quartz.dll
2017-01-11 22:03:06 ----A---- C:\Windows\system32\crypt32.dll
2017-01-11 22:03:05 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-01-11 22:03:05 ----A---- C:\Windows\system32\wmdrmsdk.dll
2017-01-11 22:03:05 ----A---- C:\Windows\system32\lsasrv.dll
2017-01-11 22:03:04 ----A---- C:\Windows\system32\rpcrt4.dll
2017-01-11 22:03:03 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2017-01-11 22:03:02 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-01-11 22:03:00 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\winload.exe
2017-01-11 22:02:59 ----A---- C:\Windows\system32\win32spl.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\oleaut32.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\msctf.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\kernel32.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\authui.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\audiosrv.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\advapi32.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\msctf.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\evr.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\authui.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\UIAnimation.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\schannel.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\KernelBase.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\kerberos.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\inetcomm.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\AUDIOKSE.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\WsmWmiPl.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\wintrust.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\WebClnt.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\user32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\msv1_0.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\IMJP10K.DLL
2017-01-11 22:02:57 ----A---- C:\Windows\system32\gdi32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\evr.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\drmmgrtn.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2017-01-11 22:02:57 ----A---- C:\Windows\system32\cryptsvc.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\clfs.sys
2017-01-11 22:02:57 ----A---- C:\Windows\system32\atmfd.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\WSManMigrationPlugin.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\WSManHTTPConfig.exe
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\user32.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2017-01-11 22:02:56 ----A---- C:\Windows\system32\wow64win.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\usp10.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\srcore.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\qdvd.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\mfplat.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2017-01-11 22:02:56 ----A---- C:\Windows\system32\drivers\cng.sys
2017-01-11 22:02:56 ----A---- C:\Windows\system32\davclnt.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\cryptui.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\conhost.exe
2017-01-11 22:02:56 ----A---- C:\Windows\system32\AudioSes.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\AudioEng.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\usp10.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\WsmAuto.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\winsrv.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\rpchttp.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\pcasvc.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\ncrypt.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\msiexec.exe
2017-01-11 22:02:55 ----A---- C:\Windows\system32\EncDump.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-01-11 22:02:55 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2017-01-11 22:02:55 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-01-11 22:02:55 ----A---- C:\Windows\system32\drivers\dfsc.sys
2017-01-11 22:02:55 ----A---- C:\Windows\system32\cryptnet.dll
2017-01-11 22:02:54 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2017-01-11 22:02:54 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-01-11 22:02:54 ----A---- C:\Windows\system32\wow64.dll
2017-01-11 22:02:54 ----A---- C:\Windows\system32\wmploc.DLL
2017-01-11 22:02:54 ----A---- C:\Windows\system32\mfps.dll
2017-01-11 22:02:54 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-01-11 22:02:54 ----A---- C:\Windows\system32\consent.exe
2017-01-11 22:02:54 ----A---- C:\Windows\system32\certcli.dll
2017-01-11 22:02:54 ----A---- C:\Windows\system32\bcdedit.exe
2017-01-11 22:02:54 ----A---- C:\Windows\system32\adtschema.dll
2017-01-11 22:02:53 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-01-11 22:02:53 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-01-11 22:02:53 ----A---- C:\Windows\system32\rstrui.exe
2017-01-11 22:02:53 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-01-11 22:02:53 ----A---- C:\Windows\system32\drivers\bowser.sys
2017-01-11 22:02:53 ----A---- C:\Windows\system32\drivers\appid.sys
2017-01-11 22:02:53 ----A---- C:\Windows\system32\cryptsp.dll
2017-01-11 22:02:53 ----A---- C:\Windows\system32\audiodg.exe
2017-01-11 22:02:53 ----A---- C:\Windows\system32\appidsvc.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\mfps.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\adsmsext.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\wdigest.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\TSpkg.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\smss.exe
2017-01-11 22:02:52 ----A---- C:\Windows\system32\input.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-01-11 22:02:52 ----A---- C:\Windows\system32\csrsrv.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\bcrypt.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\appinfo.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\appidapi.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\adsmsext.dll
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\input.dll
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\hlink.dll
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\msscp.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\hlink.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\cryptbase.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\asycfilt.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-01-11 22:02:50 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-01-11 22:02:50 ----A---- C:\Windows\system32\msihnd.dll
2017-01-11 22:02:49 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-01-11 22:02:49 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2017-01-11 22:02:49 ----A---- C:\Windows\SYSWOW64\msscp.dll
2017-01-11 22:02:49 ----A---- C:\Windows\system32\nlsbres.dll
2017-01-11 22:02:48 ----A---- C:\Windows\system32\secur32.dll
2017-01-11 22:02:48 ----A---- C:\Windows\system32\lsass.exe
2017-01-11 22:02:47 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-01-11 22:02:47 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2017-01-11 22:02:47 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-01-11 22:02:47 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-01-11 22:02:47 ----A---- C:\Windows\system32\sspicli.dll
2017-01-11 22:02:47 ----A---- C:\Windows\system32\ntvdm64.dll
2017-01-11 22:02:47 ----A---- C:\Windows\system32\msnetobj.dll
2017-01-11 22:02:47 ----A---- C:\Windows\system32\msaudite.dll
2017-01-11 22:02:47 ----A---- C:\Windows\system32\auditpol.exe
2017-01-11 22:02:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-01-11 22:02:46 ----A---- C:\Windows\system32\srclient.dll
2017-01-11 22:02:45 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-01-11 22:02:45 ----A---- C:\Windows\system32\pcadm.dll
2017-01-11 22:02:45 ----A---- C:\Windows\system32\credssp.dll
2017-01-11 22:02:44 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-01-11 22:02:44 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-01-11 22:02:44 ----A---- C:\Windows\system32\rrinstaller.exe
2017-01-11 22:02:44 ----A---- C:\Windows\system32\mfpmp.exe
2017-01-11 22:02:43 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2017-01-11 22:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-01-11 22:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-01-11 22:02:42 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-01-11 22:02:42 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2017-01-11 22:02:42 ----A---- C:\Windows\system32\pcawrk.exe
2017-01-11 22:02:42 ----A---- C:\Windows\system32\atmlib.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\wsmprovhost.exe
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\wsmplpxy.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\wsmprovhost.exe
2017-01-11 22:02:41 ----A---- C:\Windows\system32\wsmplpxy.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\wow64cpu.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\sspisrv.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\spwmp.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\pcalua.exe
2017-01-11 22:02:41 ----A---- C:\Windows\system32\msmmsp.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\lpk.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\fontsub.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\dxmasf.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\dciman32.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\WsmRes.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\user.exe
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\mferror.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\WsmRes.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\tzres.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\pcaevts.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\msobjs.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\msimsg.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\mferror.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\INETRES.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\apisetschema.dll
2017-01-11 22:02:22 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2017-01-11 22:02:22 ----A---- C:\Windows\system32\poqexec.exe
======List of files/folders modified in the last 1 month======
2017-01-26 23:51:43 ----D---- C:\Windows\Temp
2017-01-26 23:51:43 ----D---- C:\Program Files\trend micro
2017-01-26 22:18:56 ----D---- C:\Windows\system32\config
2017-01-26 22:16:18 ----D---- C:\Windows\inf
2017-01-26 22:16:18 ----AD---- C:\Windows
2017-01-26 22:04:58 ----D---- C:\ProgramData\PDFC
2017-01-26 01:30:21 ----D---- C:\Users\Henrich\AppData\Roaming\vlc
2017-01-26 00:57:35 ----D---- C:\Windows\System32
2017-01-26 00:57:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-26 00:34:53 ----D---- C:\moje
2017-01-26 00:12:34 ----D---- C:\AdwCleaner
2017-01-25 22:28:12 ----D---- C:\Windows\Tasks
2017-01-25 22:28:12 ----D---- C:\Windows\system32\Tasks
2017-01-24 21:05:37 ----SHD---- C:\System Volume Information
2017-01-22 22:47:21 ----SHD---- C:\Windows\Installer
2017-01-22 22:47:00 ----D---- C:\Windows\SysWOW64
2017-01-20 22:39:53 ----D---- C:\Users\Henrich\AppData\Roaming\Skype
2017-01-20 22:38:59 ----D---- C:\ProgramData\Skype
2017-01-18 23:40:13 ----D---- C:\Windows\Microsoft.NET
2017-01-18 23:38:09 ----RSD---- C:\Windows\assembly
2017-01-17 23:31:16 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2017-01-17 23:30:15 ----D---- C:\Program Files\Microsoft Office 15
2017-01-11 22:31:18 ----D---- C:\Windows\debug
2017-01-11 22:21:20 ----D---- C:\Windows\winsxs
2017-01-11 22:17:08 ----D---- C:\Windows\system32\drivers
2017-01-11 22:16:56 ----D---- C:\Program Files\Internet Explorer
2017-01-11 22:16:55 ----D---- C:\Program Files\Windows Media Player
2017-01-11 22:16:53 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-11 22:16:52 ----D---- C:\Windows\SYSWOW64\sk-SK
2017-01-11 22:16:52 ----D---- C:\Windows\SYSWOW64\migration
2017-01-11 22:16:52 ----D---- C:\Windows\SYSWOW64\Dism
2017-01-11 22:16:52 ----D---- C:\Program Files (x86)\Windows Media Player
2017-01-11 22:16:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-01-11 22:16:47 ----D---- C:\Windows\SYSWOW64\en-US
2017-01-11 22:16:36 ----D---- C:\Windows\system32\migration
2017-01-11 22:16:35 ----D---- C:\Windows\system32\sk-SK
2017-01-11 22:16:35 ----D---- C:\Windows\system32\Dism
2017-01-11 22:16:34 ----D---- C:\Windows\system32\cs-CZ
2017-01-11 22:16:30 ----D---- C:\Windows\system32\en-US
2017-01-11 22:16:16 ----D---- C:\Windows\AppPatch
2017-01-11 22:16:12 ----D---- C:\Windows\system32\Boot
2017-01-11 22:11:08 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-01-11 22:08:27 ----D---- C:\Windows\system32\MRT
2017-01-11 22:05:49 ----AC---- C:\Windows\system32\MRT.exe
2017-01-11 21:56:11 ----D---- C:\Windows\system32\catroot2
2017-01-10 23:03:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-01-10 23:03:06 ----D---- C:\Windows\system32\Macromed
2017-01-10 23:03:03 ----D---- C:\Windows\SYSWOW64\Macromed
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2015-08-05 36608]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-11-10 84616]
R0 hpdskflt;HP Filter; C:\Windows\system32\drivers\hpdskflt.sys [2013-07-23 30520]
R0 iaStorA;iaStorA; C:\Windows\system32\drivers\iaStorA.sys [2015-05-29 646408]
R0 iaStorF;iaStorF; C:\Windows\system32\drivers\iaStorF.sys [2015-05-29 30960]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hcs.sys [2016-10-26 22800]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PinFile;PinFile; C:\Windows\system32\DRIVERS\PinFile.sys [2014-12-05 49856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SDDisk2K;SDDisk2K; C:\Windows\system32\DRIVERS\SDDisk2K.sys [2014-12-05 228544]
R0 SDDToki;SDDToki; C:\Windows\system32\DRIVERS\SDDToki.sys [2014-12-05 131264]
R0 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2011-12-27 90608]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-11-10 262792]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-11-10 197248]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-11-10 208520]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-11-10 61568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-11-10 153216]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\drivers\Accelerometer.sys [2013-07-23 43320]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-01-13 21645320]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-01-13 676360]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2014-02-28 23760]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2014-02-28 4749008]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys [2013-07-13 495376]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2013-11-19 26936]
R3 IceKore;IceKore; C:\Windows\system32\DRIVERS\IceKore.sys [2014-03-04 411608]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-03-23 4924304]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2016-10-26 390416]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2016-10-26 799504]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\drivers\TeeDriverx64.sys [2013-09-16 99288]
R3 rtsuvc;HP HD Webcam [Fixed]; C:\Windows\system32\DRIVERS\rtsuvc.sys [2013-08-02 8873688]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [2013-09-04 34544]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2013-08-16 551936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\drivers\SynTP.sys [2013-09-04 524016]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-04-24 96768]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-09-24 165688]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-10-29 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-10-29 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-12-03 598808]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-05-01 184144]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2012-03-06 210984]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\drivers\btwrchid.sys [2012-03-06 21544]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2013-06-13 65752]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-07-07 16088]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2014-07-07 30424]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-07-15 455440]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTSPER;Realtek PCIE Card Reader - PER; C:\Windows\system32\DRIVERS\RtsPer.sys [2013-08-21 429272]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 SmbDrv;SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [2013-09-04 30448]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-01-13 255504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2012-12-07 1005944]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2016-12-13 3042032]
R2 CreoService;Služba HP Trust Circles; C:\Program Files\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [2014-03-07 1927128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CtAgentService;Absolute Software Agent Service; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [2013-08-14 7168]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-09-18 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-09-18 298760]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2013-09-14 500048]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-10 2771848]
R2 HPFSService;HP File Sanitizer; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2013-08-07 1758424]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2014-05-16 683296]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-23 43320]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-07 31776]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-05-22 18672]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2016-03-23 344184]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-09-16 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2016-08-10 1719040]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2013-08-16 339456]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2013-07-03 3223144]
R3 hpCMSrv;HP Connection Manager 4 Service; c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2013-09-18 1445176]
R3 hpqcaslwmiex;HP CASL Framework Service; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [2016-06-03 1031704]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-08-23 1232056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-12-01 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-12-01 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10 270936]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-12-01 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-03-23 279160]
S3 FLCDLOCK;HP Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2013-09-06 567608]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-13 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-02-01 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-02-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-01 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-01 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-01 139944]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Henrich at 2017-01-26 23:51:42
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 536 GB (77%) free of 699 GB
Total RAM: 8105 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:51:43, on 26.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Users\Henrich\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Henrich.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [HP File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\Henrich\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Služba HP Trust Circles (CreoService) - CryptoMill Technologies Ltd. - C:\Program Files\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
O23 - Service: Absolute Software Agent Service (CtAgentService) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP File Sanitizer (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13923 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
atieclxx
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 23499504
\??\C:\Windows\system32\conhost.exe "-1510647222897192560-2130625110-685290175-519938487-17524098062128275819-509475200
"C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe"
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files\Hewlett-Packard\HP Trust Circles\CreoSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe"
"c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe"
"c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\system32\Dwm.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE"
"C:\Windows\RtsCM64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Users\Henrich\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Windows\SysWOW64\RunDll32.exe" "c:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
rundll32 "C:\Program Files\ESET\ESET Smart Security\x86\eplgHooks.dll",Proc32_HooksLoop
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
-Minimized
"c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\HP\Shared\hpqwmiex.exe"
taskeng.exe {EEF291CE-77DA-465D-86BA-733F0B121E0B}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Henrich\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForHenrich.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForHenrich (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Henrich\AppData\Roaming\Mozilla\Firefox\Profiles\iu8qkcj6.default
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Users\Henrich\AppData\Roaming\Mozilla\Firefox\Profiles\iu8qkcj6.default\extensions\
bingsearch.full@microsoft.com
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13 229064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01 896288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01 2351920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23 440712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
HP File Sanitizer - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-08-07 129240]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01 720160]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23 416320]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-08-16 1703424]
"Broadcom Wireless Manager UI"=C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2014-02-28 7032320]
"RtsCM"=C:\Windows\RTSCM64.EXE [2013-08-02 147160]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-04 2774256]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2015-06-01 36352]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2016-03-23 382072]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe []
"Persistence"=C:\Windows\system32\igfxpers.exe []
""= []
"CryptoMill Refresh"=C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\Henrich\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-12 144008]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HPConnectionManager"=c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2013-09-18 185144]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2016-10-26 296216]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2013-07-25 77088]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe []
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2013-06-24 167488]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05 111576]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2013-08-07 490760]
"HP File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2013-08-07 2213592]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2014-05-16 336672]
""= []
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-19 767176]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2016-08-10 1193728]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2017-01-11 22:03:33 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-01-11 22:03:33 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-01-11 22:03:33 ----A---- C:\Windows\system32\drivers\srv.sys
2017-01-11 22:03:22 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-01-11 22:03:22 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-01-11 22:03:22 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-01-11 22:03:22 ----A---- C:\Windows\system32\iertutil.dll
2017-01-11 22:03:22 ----A---- C:\Windows\system32\iernonce.dll
2017-01-11 22:03:22 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-01-11 22:03:22 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-01-11 22:03:21 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-01-11 22:03:21 ----A---- C:\Windows\system32\inseng.dll
2017-01-11 22:03:21 ----A---- C:\Windows\system32\ie4uinit.exe
2017-01-11 22:03:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-01-11 22:03:20 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-01-11 22:03:20 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-01-11 22:03:20 ----A---- C:\Windows\system32\UtcResources.dll
2017-01-11 22:03:20 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-01-11 22:03:19 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-01-11 22:03:19 ----A---- C:\Windows\system32\urlmon.dll
2017-01-11 22:03:19 ----A---- C:\Windows\system32\occache.dll
2017-01-11 22:03:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-01-11 22:03:19 ----A---- C:\Windows\system32\iedkcs32.dll
2017-01-11 22:03:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-01-11 22:03:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-01-11 22:03:18 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-01-11 22:03:18 ----A---- C:\Windows\system32\msfeeds.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\iesetup.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\ieapfltr.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\dxtrans.dll
2017-01-11 22:03:18 ----A---- C:\Windows\system32\diagtrack.dll
2017-01-11 22:03:17 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-01-11 22:03:17 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-01-11 22:03:17 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-01-11 22:03:17 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-01-11 22:03:17 ----A---- C:\Windows\system32\vbscript.dll
2017-01-11 22:03:17 ----A---- C:\Windows\system32\jsproxy.dll
2017-01-11 22:03:17 ----A---- C:\Windows\system32\ieUnatt.exe
2017-01-11 22:03:16 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-01-11 22:03:16 ----A---- C:\Windows\system32\ieui.dll
2017-01-11 22:03:16 ----A---- C:\Windows\system32\ieframe.dll
2017-01-11 22:03:16 ----A---- C:\Windows\system32\dxtmsft.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\webcheck.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\mshtmled.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\jscript9diag.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\jscript9.dll
2017-01-11 22:03:15 ----A---- C:\Windows\system32\jscript.dll
2017-01-11 22:03:14 ----A---- C:\Windows\system32\wininet.dll
2017-01-11 22:03:14 ----A---- C:\Windows\system32\msrating.dll
2017-01-11 22:03:14 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-01-11 22:03:13 ----A---- C:\Windows\system32\mshtml.dll
2017-01-11 22:03:12 ----A---- C:\Windows\system32\wmp.dll
2017-01-11 22:03:11 ----A---- C:\Windows\SYSWOW64\wmp.dll
2017-01-11 22:03:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-01-11 22:03:09 ----A---- C:\Windows\SYSWOW64\mf.dll
2017-01-11 22:03:09 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\win32k.sys
2017-01-11 22:03:09 ----A---- C:\Windows\system32\MSVidCtl.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\mf.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\FntCache.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\DWrite.dll
2017-01-11 22:03:09 ----A---- C:\Windows\system32\blackbox.dll
2017-01-11 22:03:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-01-11 22:03:08 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-01-11 22:03:08 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2017-01-11 22:03:08 ----A---- C:\Windows\system32\WsmSvc.dll
2017-01-11 22:03:08 ----A---- C:\Windows\system32\drmv2clt.dll
2017-01-11 22:03:07 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2017-01-11 22:03:07 ----A---- C:\Windows\SYSWOW64\msi.dll
2017-01-11 22:03:07 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2017-01-11 22:03:07 ----A---- C:\Windows\system32\ntdll.dll
2017-01-11 22:03:07 ----A---- C:\Windows\system32\msi.dll
2017-01-11 22:03:06 ----A---- C:\Windows\SYSWOW64\MSVidCtl.dll
2017-01-11 22:03:06 ----A---- C:\Windows\system32\scavengeui.dll
2017-01-11 22:03:06 ----A---- C:\Windows\system32\quartz.dll
2017-01-11 22:03:06 ----A---- C:\Windows\system32\crypt32.dll
2017-01-11 22:03:05 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-01-11 22:03:05 ----A---- C:\Windows\system32\wmdrmsdk.dll
2017-01-11 22:03:05 ----A---- C:\Windows\system32\lsasrv.dll
2017-01-11 22:03:04 ----A---- C:\Windows\system32\rpcrt4.dll
2017-01-11 22:03:03 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2017-01-11 22:03:02 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-01-11 22:03:00 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\winload.exe
2017-01-11 22:02:59 ----A---- C:\Windows\system32\win32spl.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\oleaut32.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\msctf.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\kernel32.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\authui.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\audiosrv.dll
2017-01-11 22:02:59 ----A---- C:\Windows\system32\advapi32.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\msctf.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\evr.dll
2017-01-11 22:02:58 ----A---- C:\Windows\SYSWOW64\authui.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\UIAnimation.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\schannel.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\KernelBase.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\kerberos.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\inetcomm.dll
2017-01-11 22:02:58 ----A---- C:\Windows\system32\AUDIOKSE.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-01-11 22:02:57 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\WsmWmiPl.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\wintrust.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\WebClnt.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\user32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\msv1_0.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\IMJP10K.DLL
2017-01-11 22:02:57 ----A---- C:\Windows\system32\gdi32.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\evr.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\drmmgrtn.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2017-01-11 22:02:57 ----A---- C:\Windows\system32\cryptsvc.dll
2017-01-11 22:02:57 ----A---- C:\Windows\system32\clfs.sys
2017-01-11 22:02:57 ----A---- C:\Windows\system32\atmfd.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\WSManMigrationPlugin.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\WSManHTTPConfig.exe
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\user32.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2017-01-11 22:02:56 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2017-01-11 22:02:56 ----A---- C:\Windows\system32\wow64win.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\usp10.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\srcore.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\qdvd.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\mfplat.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2017-01-11 22:02:56 ----A---- C:\Windows\system32\drivers\cng.sys
2017-01-11 22:02:56 ----A---- C:\Windows\system32\davclnt.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\cryptui.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\conhost.exe
2017-01-11 22:02:56 ----A---- C:\Windows\system32\AudioSes.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\AudioEng.dll
2017-01-11 22:02:56 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\usp10.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2017-01-11 22:02:55 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\WsmAuto.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\winsrv.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\rpchttp.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\pcasvc.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\ncrypt.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\msiexec.exe
2017-01-11 22:02:55 ----A---- C:\Windows\system32\EncDump.dll
2017-01-11 22:02:55 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-01-11 22:02:55 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2017-01-11 22:02:55 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-01-11 22:02:55 ----A---- C:\Windows\system32\drivers\dfsc.sys
2017-01-11 22:02:55 ----A---- C:\Windows\system32\cryptnet.dll
2017-01-11 22:02:54 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2017-01-11 22:02:54 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-01-11 22:02:54 ----A---- C:\Windows\system32\wow64.dll
2017-01-11 22:02:54 ----A---- C:\Windows\system32\wmploc.DLL
2017-01-11 22:02:54 ----A---- C:\Windows\system32\mfps.dll
2017-01-11 22:02:54 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-01-11 22:02:54 ----A---- C:\Windows\system32\consent.exe
2017-01-11 22:02:54 ----A---- C:\Windows\system32\certcli.dll
2017-01-11 22:02:54 ----A---- C:\Windows\system32\bcdedit.exe
2017-01-11 22:02:54 ----A---- C:\Windows\system32\adtschema.dll
2017-01-11 22:02:53 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-01-11 22:02:53 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-01-11 22:02:53 ----A---- C:\Windows\system32\rstrui.exe
2017-01-11 22:02:53 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-01-11 22:02:53 ----A---- C:\Windows\system32\drivers\bowser.sys
2017-01-11 22:02:53 ----A---- C:\Windows\system32\drivers\appid.sys
2017-01-11 22:02:53 ----A---- C:\Windows\system32\cryptsp.dll
2017-01-11 22:02:53 ----A---- C:\Windows\system32\audiodg.exe
2017-01-11 22:02:53 ----A---- C:\Windows\system32\appidsvc.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\mfps.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-01-11 22:02:52 ----A---- C:\Windows\SYSWOW64\adsmsext.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\wdigest.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\TSpkg.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\smss.exe
2017-01-11 22:02:52 ----A---- C:\Windows\system32\input.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-01-11 22:02:52 ----A---- C:\Windows\system32\csrsrv.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\bcrypt.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\appinfo.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\appidapi.dll
2017-01-11 22:02:52 ----A---- C:\Windows\system32\adsmsext.dll
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\input.dll
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\hlink.dll
2017-01-11 22:02:51 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\msscp.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\hlink.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\cryptbase.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\asycfilt.dll
2017-01-11 22:02:51 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-01-11 22:02:50 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-01-11 22:02:50 ----A---- C:\Windows\system32\msihnd.dll
2017-01-11 22:02:49 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-01-11 22:02:49 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2017-01-11 22:02:49 ----A---- C:\Windows\SYSWOW64\msscp.dll
2017-01-11 22:02:49 ----A---- C:\Windows\system32\nlsbres.dll
2017-01-11 22:02:48 ----A---- C:\Windows\system32\secur32.dll
2017-01-11 22:02:48 ----A---- C:\Windows\system32\lsass.exe
2017-01-11 22:02:47 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-01-11 22:02:47 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2017-01-11 22:02:47 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-01-11 22:02:47 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-01-11 22:02:47 ----A---- C:\Windows\system32\sspicli.dll
2017-01-11 22:02:47 ----A---- C:\Windows\system32\ntvdm64.dll
2017-01-11 22:02:47 ----A---- C:\Windows\system32\msnetobj.dll
2017-01-11 22:02:47 ----A---- C:\Windows\system32\msaudite.dll
2017-01-11 22:02:47 ----A---- C:\Windows\system32\auditpol.exe
2017-01-11 22:02:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-01-11 22:02:46 ----A---- C:\Windows\system32\srclient.dll
2017-01-11 22:02:45 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-01-11 22:02:45 ----A---- C:\Windows\system32\pcadm.dll
2017-01-11 22:02:45 ----A---- C:\Windows\system32\credssp.dll
2017-01-11 22:02:44 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-01-11 22:02:44 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-01-11 22:02:44 ----A---- C:\Windows\system32\rrinstaller.exe
2017-01-11 22:02:44 ----A---- C:\Windows\system32\mfpmp.exe
2017-01-11 22:02:43 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2017-01-11 22:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-01-11 22:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-01-11 22:02:42 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-01-11 22:02:42 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2017-01-11 22:02:42 ----A---- C:\Windows\system32\pcawrk.exe
2017-01-11 22:02:42 ----A---- C:\Windows\system32\atmlib.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-01-11 22:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\wsmprovhost.exe
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\wsmplpxy.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-01-11 22:02:41 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\wsmprovhost.exe
2017-01-11 22:02:41 ----A---- C:\Windows\system32\wsmplpxy.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\wow64cpu.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\sspisrv.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\spwmp.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\pcalua.exe
2017-01-11 22:02:41 ----A---- C:\Windows\system32\msmmsp.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\lpk.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\fontsub.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\dxmasf.dll
2017-01-11 22:02:41 ----A---- C:\Windows\system32\dciman32.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-01-11 22:02:40 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\WsmRes.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\user.exe
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\mferror.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2017-01-11 22:02:40 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\WsmRes.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\tzres.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\pcaevts.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\msobjs.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\msimsg.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\mferror.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\INETRES.dll
2017-01-11 22:02:40 ----A---- C:\Windows\system32\apisetschema.dll
2017-01-11 22:02:22 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2017-01-11 22:02:22 ----A---- C:\Windows\system32\poqexec.exe
======List of files/folders modified in the last 1 month======
2017-01-26 23:51:43 ----D---- C:\Windows\Temp
2017-01-26 23:51:43 ----D---- C:\Program Files\trend micro
2017-01-26 22:18:56 ----D---- C:\Windows\system32\config
2017-01-26 22:16:18 ----D---- C:\Windows\inf
2017-01-26 22:16:18 ----AD---- C:\Windows
2017-01-26 22:04:58 ----D---- C:\ProgramData\PDFC
2017-01-26 01:30:21 ----D---- C:\Users\Henrich\AppData\Roaming\vlc
2017-01-26 00:57:35 ----D---- C:\Windows\System32
2017-01-26 00:57:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-26 00:34:53 ----D---- C:\moje
2017-01-26 00:12:34 ----D---- C:\AdwCleaner
2017-01-25 22:28:12 ----D---- C:\Windows\Tasks
2017-01-25 22:28:12 ----D---- C:\Windows\system32\Tasks
2017-01-24 21:05:37 ----SHD---- C:\System Volume Information
2017-01-22 22:47:21 ----SHD---- C:\Windows\Installer
2017-01-22 22:47:00 ----D---- C:\Windows\SysWOW64
2017-01-20 22:39:53 ----D---- C:\Users\Henrich\AppData\Roaming\Skype
2017-01-20 22:38:59 ----D---- C:\ProgramData\Skype
2017-01-18 23:40:13 ----D---- C:\Windows\Microsoft.NET
2017-01-18 23:38:09 ----RSD---- C:\Windows\assembly
2017-01-17 23:31:16 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2017-01-17 23:30:15 ----D---- C:\Program Files\Microsoft Office 15
2017-01-11 22:31:18 ----D---- C:\Windows\debug
2017-01-11 22:21:20 ----D---- C:\Windows\winsxs
2017-01-11 22:17:08 ----D---- C:\Windows\system32\drivers
2017-01-11 22:16:56 ----D---- C:\Program Files\Internet Explorer
2017-01-11 22:16:55 ----D---- C:\Program Files\Windows Media Player
2017-01-11 22:16:53 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-11 22:16:52 ----D---- C:\Windows\SYSWOW64\sk-SK
2017-01-11 22:16:52 ----D---- C:\Windows\SYSWOW64\migration
2017-01-11 22:16:52 ----D---- C:\Windows\SYSWOW64\Dism
2017-01-11 22:16:52 ----D---- C:\Program Files (x86)\Windows Media Player
2017-01-11 22:16:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-01-11 22:16:47 ----D---- C:\Windows\SYSWOW64\en-US
2017-01-11 22:16:36 ----D---- C:\Windows\system32\migration
2017-01-11 22:16:35 ----D---- C:\Windows\system32\sk-SK
2017-01-11 22:16:35 ----D---- C:\Windows\system32\Dism
2017-01-11 22:16:34 ----D---- C:\Windows\system32\cs-CZ
2017-01-11 22:16:30 ----D---- C:\Windows\system32\en-US
2017-01-11 22:16:16 ----D---- C:\Windows\AppPatch
2017-01-11 22:16:12 ----D---- C:\Windows\system32\Boot
2017-01-11 22:11:08 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-01-11 22:08:27 ----D---- C:\Windows\system32\MRT
2017-01-11 22:05:49 ----AC---- C:\Windows\system32\MRT.exe
2017-01-11 21:56:11 ----D---- C:\Windows\system32\catroot2
2017-01-10 23:03:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-01-10 23:03:06 ----D---- C:\Windows\system32\Macromed
2017-01-10 23:03:03 ----D---- C:\Windows\SYSWOW64\Macromed
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2015-08-05 36608]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-11-10 84616]
R0 hpdskflt;HP Filter; C:\Windows\system32\drivers\hpdskflt.sys [2013-07-23 30520]
R0 iaStorA;iaStorA; C:\Windows\system32\drivers\iaStorA.sys [2015-05-29 646408]
R0 iaStorF;iaStorF; C:\Windows\system32\drivers\iaStorF.sys [2015-05-29 30960]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hcs.sys [2016-10-26 22800]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PinFile;PinFile; C:\Windows\system32\DRIVERS\PinFile.sys [2014-12-05 49856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SDDisk2K;SDDisk2K; C:\Windows\system32\DRIVERS\SDDisk2K.sys [2014-12-05 228544]
R0 SDDToki;SDDToki; C:\Windows\system32\DRIVERS\SDDToki.sys [2014-12-05 131264]
R0 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2011-12-27 90608]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-11-10 262792]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-11-10 197248]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-11-10 208520]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-11-10 61568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-11-10 153216]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\drivers\Accelerometer.sys [2013-07-23 43320]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-01-13 21645320]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-01-13 676360]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2014-02-28 23760]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2014-02-28 4749008]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys [2013-07-13 495376]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2013-11-19 26936]
R3 IceKore;IceKore; C:\Windows\system32\DRIVERS\IceKore.sys [2014-03-04 411608]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-03-23 4924304]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2016-10-26 390416]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2016-10-26 799504]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\drivers\TeeDriverx64.sys [2013-09-16 99288]
R3 rtsuvc;HP HD Webcam [Fixed]; C:\Windows\system32\DRIVERS\rtsuvc.sys [2013-08-02 8873688]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [2013-09-04 34544]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2013-08-16 551936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\drivers\SynTP.sys [2013-09-04 524016]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-04-24 96768]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-09-24 165688]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-10-29 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-10-29 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-12-03 598808]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-05-01 184144]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2012-03-06 210984]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\drivers\btwrchid.sys [2012-03-06 21544]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2013-06-13 65752]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-07-07 16088]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2014-07-07 30424]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-07-15 455440]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTSPER;Realtek PCIE Card Reader - PER; C:\Windows\system32\DRIVERS\RtsPer.sys [2013-08-21 429272]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 SmbDrv;SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [2013-09-04 30448]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-01-13 255504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2012-12-07 1005944]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2016-12-13 3042032]
R2 CreoService;Služba HP Trust Circles; C:\Program Files\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [2014-03-07 1927128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CtAgentService;Absolute Software Agent Service; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [2013-08-14 7168]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-09-18 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-09-18 298760]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2013-09-14 500048]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-10 2771848]
R2 HPFSService;HP File Sanitizer; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2013-08-07 1758424]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2014-05-16 683296]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-23 43320]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-07 31776]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-05-22 18672]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2016-03-23 344184]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-09-16 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2016-08-10 1719040]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2013-08-16 339456]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2013-07-03 3223144]
R3 hpCMSrv;HP Connection Manager 4 Service; c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2013-09-18 1445176]
R3 hpqcaslwmiex;HP CASL Framework Service; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [2016-06-03 1031704]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-08-23 1232056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-12-01 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-12-01 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10 270936]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-12-01 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-03-23 279160]
S3 FLCDLOCK;HP Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2013-09-06 567608]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-13 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-02-01 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-02-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-01 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-01 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-12-01 139944]
-----------------EOF-----------------
Re: please check
Hello,
delete unneeded files
using CCleaner
instructions:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, edit what runs at system startup, and restore the system
Download and run AdwCleaner,
close all programs including the browser and launch it with a double-click,
a window appears; click Scan at the top left.
When the scan finishes, click Clean,
the PC will restart, and the junk will be deleted during the restart.
Then copy the Report here for me.
Run the Cure It scanner following THIS guide
when the scan finishes, copy the results here - the end of the log with the summary is enough.
(Note: it is insanely slow and you need to keep an eye on it; it occasionally asks about something)
Re: please check
Hello, I'm sending the AdwCleaner log
# AdwCleaner v6.043 - Logfile created 27/01/2017 at 21:09:34
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-27.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Henrich - HENRICH-HP
# Running from : C:\Users\Henrich\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C10].txt - [2318 Bytes] - [26/01/2017 00:12:34]
C:\AdwCleaner\AdwCleaner[C11].txt - [851 Bytes] - [27/01/2017 21:09:34]
C:\AdwCleaner\AdwCleaner[C1].txt - [2864 Bytes] - [03/11/2015 00:37:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [2101 Bytes] - [17/01/2016 23:58:42]
C:\AdwCleaner\AdwCleaner[C3].txt - [1258 Bytes] - [25/07/2016 19:45:51]
C:\AdwCleaner\AdwCleaner[C4].txt - [1425 Bytes] - [21/08/2016 09:37:24]
C:\AdwCleaner\AdwCleaner[C5].txt - [1572 Bytes] - [22/09/2016 22:57:46]
C:\AdwCleaner\AdwCleaner[C6].txt - [1718 Bytes] - [23/09/2016 21:07:52]
C:\AdwCleaner\AdwCleaner[C7].txt - [1864 Bytes] - [27/09/2016 07:47:00]
Re: please check
Next, I'm sending the end of the Cure It log:
Total 8724255308 bytes in 28840 files scanned (34049 objects)
Total 28805 files (34009 objects) are clean
There are no infected objects detected
Total 40 files are raised error condition
Scan time is 00:09:32.222
Re: please check
Just to be sure, let's look a bit deeper.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
A window with the license terms will then appear, which you confirm by clicking Yes (ANO),
then click Yes (ANO) once more and it starts running.
The whole process takes about 10 minutes but can take longer; during the scan do not try to run anything else.
The PC may also be restarted during the scan; don't be alarmed.
Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: please check
So here is the log from ComboFix
ComboFix 17-01-29.01 - Henrich 30.01.2017 22:52:12.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8105.5756 [GMT 1:00]
Spuštěný z: c:\users\Henrich\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.407.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personální firewall *Disabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.407.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\HP Support Framework\HPSF_Config1.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-12-28 do 2017-01-30 )))))))))))))))))))))))))))))))
.
.
2017-01-30 21:57 . 2017-01-30 21:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-30 21:49 . 2017-01-30 21:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3534FBC7-E4AB-4AA1-88E2-DD0EA7337565}\offreg.5716.dll
2017-01-28 09:10 . 2017-01-09 12:45 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3534FBC7-E4AB-4AA1-88E2-DD0EA7337565}\mpengine.dll
2017-01-27 20:13 . 2017-01-27 20:13 -------- d-----w- c:\users\Henrich\Doctor Web
2017-01-11 21:02 . 2016-11-09 16:33 1941504 ----a-w- c:\windows\system32\authui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-11 21:05 . 2014-03-18 22:52 135657872 -c--a-w- c:\windows\system32\MRT.exe
2017-01-10 22:03 . 2013-10-28 23:59 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 22:03 . 2013-10-28 23:59 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-05 18:52 . 2017-01-11 21:02 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 17:43 . 2017-01-11 21:02 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-11 21:02 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-12-01 01:18 . 2016-12-01 01:18 875712 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2016-12-01 01:18 . 2016-12-01 01:18 536768 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2016-12-01 01:18 . 2016-12-01 01:18 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-12-01 01:18 . 2016-12-01 01:18 18088 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-12-01 01:18 . 2016-12-01 01:18 18088 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-12-01 01:18 . 2016-12-01 01:18 18088 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-12-01 00:37 . 2016-12-01 00:37 869576 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-12-01 00:37 . 2016-12-01 00:37 678600 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-12-01 00:37 . 2016-12-01 00:37 29888 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-12-01 00:37 . 2016-12-01 00:37 18088 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-12-01 00:37 . 2016-12-01 00:37 18088 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-12-01 00:37 . 2016-12-01 00:37 18088 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-12 18:14 . 2017-01-11 21:03 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-11-12 17:40 . 2017-01-11 21:03 230400 ----a-w- c:\windows\SysWow64\webcheck.dll
2016-11-10 21:24 . 2016-11-10 21:24 153216 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-11-10 21:24 . 2016-04-14 13:09 61568 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-11-10 21:24 . 2015-07-14 13:29 84616 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-11-10 21:24 . 2015-07-14 13:29 262792 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-11-10 21:24 . 2015-07-14 13:29 208520 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-11-10 21:24 . 2015-07-14 13:29 197248 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-18 22:15 222920 ----a-w- c:\users\Henrich\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-18 22:15 222920 ----a-w- c:\users\Henrich\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-18 22:15 222920 ----a-w- c:\users\Henrich\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\+1TBIcon]
@="{B9C55E85-DED6-4911-82F3-83CF1CAB2898}"
[HKEY_CLASSES_ROOT\CLSID\{B9C55E85-DED6-4911-82F3-83CF1CAB2898}]
2014-03-07 09:55 133592 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"="c:\users\Henrich\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-11-11 144008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2013-09-18 185144]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2016-10-26 296216]
"AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2013-07-24 77088]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2013-06-24 167488]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2013-08-05 111576]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2013-08-07 490760]
"HP File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe" [2013-08-07 2213592]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2014-05-16 336672]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-19 767176]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2016-08-10 1193728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-12-7 1393528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLCDLOCK;HP Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PinFile;PinFile;c:\windows\system32\DRIVERS\PinFile.sys;c:\windows\SYSNATIVE\DRIVERS\PinFile.sys [x]
S0 SDDisk2K;SDDisk2K;c:\windows\system32\DRIVERS\SDDisk2K.sys;c:\windows\SYSNATIVE\DRIVERS\SDDisk2K.sys [x]
S0 SDDToki;SDDToki;c:\windows\system32\DRIVERS\SDDToki.sys;c:\windows\SYSNATIVE\DRIVERS\SDDToki.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CreoService;Služba HP Trust Circles;c:\program files\Hewlett-Packard\HP Trust Circles\CreoSvc.exe;c:\program files\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [x]
S2 CtAgentService;Absolute Software Agent Service;c:\program files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe;c:\program files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 HPFSService;HP File Sanitizer;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 hpqcaslwmiex;HP CASL Framework Service;c:\program files (x86)\HP\Shared\hpqwmiex.exe;c:\program files (x86)\HP\Shared\hpqwmiex.exe [x]
S3 IceKore;IceKore;c:\windows\system32\DRIVERS\IceKore.sys;c:\windows\SYSNATIVE\DRIVERS\IceKore.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 rtsuvc;HP HD Webcam [Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2017-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-28 22:03]
.
2017-01-30 c:\windows\Tasks\HPCeeScheduleForHenrich.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12 13:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-18 22:15 261832 ----a-w- c:\users\Henrich\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-18 22:15 261832 ----a-w- c:\users\Henrich\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-18 22:15 261832 ----a-w- c:\users\Henrich\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-01 11:58 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-01 11:58 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-01 11:58 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\+1TBIcon]
@="{B9C55E85-DED6-4911-82F3-83CF1CAB2898}"
[HKEY_CLASSES_ROOT\CLSID\{B9C55E85-DED6-4911-82F3-83CF1CAB2898}]
2014-03-07 09:55 147928 ----a-w- c:\program files\Hewlett-Packard\HP Trust Circles\tbicon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CryptoMill Refresh"="c:\program files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-08-16 1703424]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2014-02-28 7032320]
"RtsCM"="RTSCM64.EXE" [2013-08-02 147160]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2015-06-01 36352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-03-23 382072]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com?pc=CMNTDFJS
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
mStart Page = hxxp://www.bing.com?pc=CMNTDFJS
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Henrich\AppData\Roaming\Mozilla\Firefox\Profiles\iu8qkcj6.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{56D27851-B9A6-430F-875A-E2D7A3802C7B} - c:\program files (x86)\InstallShield Installation Information\{56D27851-B9A6-430F-875A-E2D7A3802C7B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-01-30 23:00:15
ComboFix-quarantined-files.txt 2017-01-30 22:00
.
Před spuštěním: Volných bajtů: 560 604 393 472
Po spuštění: Volných bajtů: 560 056 594 432
.
- - End Of File - - 6D46EE3918D74EEE1031C56BBDE306BB
A36C5E4F47E84449FF07ED3517B43A31
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-01-30 23:00:15
ComboFix-quarantined-files.txt 2017-01-30 22:00
.
Před spuštěním: Volných bajtů: 560 604 393 472
Po spuštění: Volných bajtů: 560 056 594 432
.
- - End Of File - - 6D46EE3918D74EEE1031C56BBDE306BB
A36C5E4F47E84449FF07ED3517B43A31
Re: requesting a check
Great, let's clean up.
Via Start >> Run, copy this into the box:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders related to it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then let me know how the PC behaves.

Re: requesting a check
It's better. It's not that slow anymore. The cleanup helped.
Thanks a lot.
