VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

prosim o pomoc a kontrolu logu

https://forum.viry.cz:443/viewtopic.php?t=149070

Stránka 1 z 2

prosim o pomoc a kontrolu logu

Napsal: 28 kvě 2016 12:11
od domd2u
Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2016-05-28 13:07:11
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 34 GB (15%) free of 232 GB
Total RAM: 16272 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:26 PM, on 5/28/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)
Boot mode: Normal

Running processes:
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AntiLogger\AntiLogger.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\PSPad editor\PSPad.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files (x86)\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Služba Kaspersky Anti-Virus 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12941 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
winlogon.exe
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
C:\Windows\system32\svchost.exe -k NetworkService
taskeng.exe {039FE0F6-5E73-45A4-AC71-DB4B72D29B6B}
C:\Windows\System32\spoolsv.exe
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe"
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\DellTPad\HidMonitorSvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\esif_uf.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe"
"c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f566ba71-479f-48c9-be77-cb8ae72455af -SystemEventPortName:HostProcess-66ee43b0-1428-4811-ae7b-85a154dbb6a8 -IoCancelEventPortName:HostProcess-1690aca3-a876-4423-845a-5172e45d128b -NonStateChangingEventPortName:HostProcess-8cc2d3f3-3446-41a2-bf2f-a22fc1eaff86 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f21dc368-4c38-4585-8e43-f57babaa649d -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-09d9ae98-32aa-4f7e-aa3a-32316c68a6b3 -SystemEventPortName:HostProcess-b198eb87-70fd-4974-9b3f-9437410f99a4 -IoCancelEventPortName:HostProcess-380e7181-305b-48ec-b453-3a4edd8d52da -NonStateChangingEventPortName:HostProcess-a71e7eab-7962-497a-91fe-62894b61bfeb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:fb1b2d71-a215-4518-803b-bc5450d7690c -DeviceGroupId:
"taskhost.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Windows\TEMP\DPTF\esif_assist_64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DELLGRM
taskeng.exe {877E222E-339D-4600-B4A1-EF4BA819AD72}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" /s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
"C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files\DellTPad\HidFind.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "-3996194301988851388-1825721647-105010185318546001591939174140491372478-625407451
"C:\Program Files (x86)\AntiLogger\AntiLogger.exe" /minimized
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {D2113F7A-1DCF-49E7-BA9C-02A50F0852D2}
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\totalcmd\TOTALCMD64.EXE"
"C:\Program Files (x86)\PSPad editor\PSPad.exe" "C:\Users\admin\Desktop\vir.txt"
"C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\DRIVERS\o2flash.exe
"C:\Users\admin\Desktop\RSITx64(1).exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-715422665-10965421-2657355993-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-715422665-10965421-2657355993-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Re: prosim o pomoc a kontrolu logu

Napsal: 28 kvě 2016 15:00
od domd2u
prosim prosim, najde si nekdo minutku mrknout na log jestli vse ok? diky!

Re: prosim o pomoc a kontrolu logu

Napsal: 28 kvě 2016 18:01
od Rudy
Zdravím!
Log není kompletní.

Re: prosim o pomoc a kontrolu logu

Napsal: 02 čer 2016 09:37
od domd2u
Zdravim, sorry nahravam kompletni ve 2 postech:

1 cast:
Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2016-06-02 10:30:59
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 34 GB (15%) free of 232 GB
Total RAM: 16272 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:00 AM, on 6/2/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Služba Kaspersky Anti-Virus 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12875 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DELLGRM
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe"
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\DellTPad\HidMonitorSvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe" -r
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\esif_uf.exe
"C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe"
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ee69482e-f8e2-473a-8a61-34d97cac2cf3 -SystemEventPortName:HostProcess-c3a4ddc9-fbc0-450f-8f7c-2f686ac4c8c7 -IoCancelEventPortName:HostProcess-1aec357e-37d6-4db5-86ae-4ac12bd556b2 -NonStateChangingEventPortName:HostProcess-2cc15e7c-c119-4168-8964-aeba67877a0e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:31dd5a65-ec0e-4637-a348-9c771888a4e7 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d59d598e-24f2-4461-adf3-31922bca2a6e -SystemEventPortName:HostProcess-438ad3e1-b5af-4c7a-bf4f-fc01eab6f07f -IoCancelEventPortName:HostProcess-8b3c9180-8b6a-4536-bcd2-96c3dc915025 -NonStateChangingEventPortName:HostProcess-9aad58a4-4cc7-40cb-91b0-ceeefaad8ab5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0299bc32-c7ee-4e8e-aef3-3e035b92b148 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe" -hidden
"C:\Windows\TEMP\DPTF\esif_assist_64.exe"
"C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" /s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
"C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
"C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\DellTPad\HidFind.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "-7722525351189203944611956839172870931160591315371629331-12002801571777139714
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\system32\GWX\GWX.exe"
taskeng.exe {592B5FF3-0922-4B53-837A-B49CFD090B70}
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Winamp\winamp.exe" -Embedding

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Acrobat /VERSION:11.0 /MODE:2
"taskhost.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\admin\Desktop\RSITx64.exe"

======Scheduled tasks folder======

Re: prosim o pomoc a kontrolu logu

Napsal: 02 čer 2016 09:48
od domd2u
Rudy pomoc :) Nemuzu za boha zkopirovat a vlozit cely obsah log.txt.

co s tim?

Re: prosim o pomoc a kontrolu logu

Napsal: 02 čer 2016 17:22
od Rudy
Pokud vám fórum hlásí, že text má více než 100 000 znaků, rozdělte ho do více postů.

Re: prosim o pomoc a kontrolu logu

Napsal: 03 čer 2016 04:05
od domd2u
Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2016-06-02 10:49:13
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 34 GB (15%) free of 232 GB
Total RAM: 16272 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:14 AM, on 6/2/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat_sl.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Služba Kaspersky Anti-Virus 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12874 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
winlogon.exe
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
C:\Windows\system32\svchost.exe -k NetworkService
taskeng.exe {800724AC-597A-4D00-9D0C-3BF20DAB6ACB}
C:\Windows\System32\spoolsv.exe
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe"
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\DellTPad\HidMonitorSvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe" -r
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\esif_uf.exe
"C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe"
C:\Windows\system32\IProsetMonitor.exe
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe"
"c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f2e2c9f9-fb37-4df1-bcbf-708d93421380 -SystemEventPortName:HostProcess-9f4965cb-c495-4c63-9d15-4f69dbe6119e -IoCancelEventPortName:HostProcess-8bf2929b-de84-45ab-8297-822c143928e7 -NonStateChangingEventPortName:HostProcess-497d3068-05e7-4f6e-b637-e36ae6680e79 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:554ccfc1-8d53-487f-82db-dc74d42b1746 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5fce9fc6-c9bf-497e-88ed-d1027d716da8 -SystemEventPortName:HostProcess-d7ff84e2-9ad6-4723-b25c-6662d50f1b4c -IoCancelEventPortName:HostProcess-cf1035f1-865a-4c3b-8eca-880e28071da5 -NonStateChangingEventPortName:HostProcess-7df8ea9c-48d3-489b-9306-8c0731e3ad16 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9e47db25-5776-4338-8d27-2380c0e3f4ae -DeviceGroupId:
"taskhost.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe" -hidden
"C:\Windows\TEMP\DPTF\esif_assist_64.exe"
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DELLGRM
taskeng.exe {4EF369BC-41FF-4FA1-A8BB-8DE56A01455D}
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"Apntex.exe"
"C:\Program Files\DellTPad\HidFind.exe"
\??\C:\Windows\system32\conhost.exe "-1460968434576443519-1957507483737331202-1106767430-12155586571682050209664114295
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /cr
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" /s
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
"C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
"C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe"
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat_sl.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\sppsvc.exe
taskeng.exe {989F89EB-5C43-4271-8118-53994D9AA873}
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\admin\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.com/"
prefs.js - "extensions.enabledItems" - "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35, en-GB@dictionaries.addons.mozilla.org:1.19.1, cs@dictionaries.addons.mozilla.org:1.0.2, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, firebug@software.joehewitt.com:1.6.2, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5, {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1, headings@niquelheadings.net:1.05.7, {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {8061ddcf-3632-4287-8d8a-133e219ae838}:0.9.7, {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7, {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1, {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2, bkmrksync@nokia.com:1.0.0.736, {25A1388B-6B18-46c3-BEBA-A81915D0DE8F}:1.7.4, rankchecker@seobook.com:1.8, ro-RO@www.archeus.ro:1.11, {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3, {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1, {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36, seo4firefox@seobook.com:3.3.8, seo@profesional:1.1.1, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.14, {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19, sqlime@security.compass:0.4.5, {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1, {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5, en-US@dictionaries.addons.mozilla.org:5.0.1, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9, firegestures@xuldev.org:1.6.2, xmlfiller@software602.cz:3.16.1, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2, 2020Player@2020Technologies.com:4.5.4.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\extensions\
support@lastpass.com
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\searchplugins\
firmycz.xml
jyxo.xml
jyxocz.xml
majestic-seo.xml
mapycz.xml
s-amazon.xml
wikipedia-cs.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29 163720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}]
Kaspersky Protection plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06 800216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29 163720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29 141192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}]
Kaspersky Protection plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06 584664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29 141192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29 163720]
{3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Kaspersky Protection toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06 800216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29 141192]
{3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Kaspersky Protection toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06 584664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2015-05-29 736552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-12-09 7666392]
"RtHDVBg_MAXX6"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-05 1391472]
"WavesSvc"=C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [2014-10-03 606296]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-06-25 36352]
"ISCT Tray"=C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2015-07-13 5860656]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 462712]
"Eraser"=C:\Program Files\Eraser\Eraser.exe [2015-09-03 1074088]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-03-19 176952]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [2015-12-07 7823336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-05-13 8721624]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2015-06-29 3498728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor]
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-29 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger]
C:\Program Files (x86)\AntiLogger\AntiLogger.exe [2014-12-30 14679464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2016-03-19 176952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-09-04 55349888]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-11-04 296208]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2014-11-10 136992]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-29 1022152]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2015-06-29 3498728]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2016-05-07 23745808]

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\KEYCRY~1\KeyCrypt64(1).dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=60
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2016-06-02 10:48:29 ----A---- C:\Windows\system32\FNTCACHE.DAT
2016-06-01 17:27:09 ----D---- C:\ProgramData\9e703957-2a93-4223-b4aa-5ef2c45d29a2
2016-05-31 16:24:44 ----SHD---- C:\$RECYCLE.BIN
2016-05-31 16:24:40 ----A---- C:\ComboFix.txt
2016-05-28 13:33:43 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-05-28 13:33:43 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-05-28 13:33:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-05-28 13:33:43 ----A---- C:\Windows\system32\iernonce.dll
2016-05-28 13:33:43 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-05-28 13:33:43 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-05-28 13:33:42 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-28 13:33:42 ----A---- C:\Windows\system32\inseng.dll
2016-05-28 13:33:42 ----A---- C:\Windows\system32\ie4uinit.exe
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\urlmon.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\occache.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-28 13:33:41 ----A---- C:\Windows\system32\msfeeds.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\iedkcs32.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\dxtrans.dll
2016-05-28 13:33:40 ----A---- C:\Windows\system32\iesetup.dll
2016-05-28 13:33:40 ----A---- C:\Windows\system32\iertutil.dll
2016-05-28 13:33:40 ----A---- C:\Windows\system32\ieapfltr.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-05-28 13:33:39 ----A---- C:\Windows\system32\vbscript.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\jsproxy.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\ieui.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\ieframe.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\dxtmsft.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\wininet.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\webcheck.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\mshtmled.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\jscript9diag.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\jscript9.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\jscript.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\ieUnatt.exe
2016-05-28 13:33:37 ----A---- C:\Windows\system32\msrating.dll
2016-05-28 13:33:37 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-05-28 13:33:37 ----A---- C:\Windows\system32\mshtml.dll
2016-05-28 13:32:54 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-05-28 13:32:54 ----A---- C:\Windows\system32\tzres.dll
2016-05-28 13:32:53 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2016-05-28 13:32:53 ----A---- C:\Windows\system32\d3d10level9.dll
2016-05-28 13:07:11 ----D---- C:\rsit
2016-05-28 13:07:11 ----D---- C:\Program Files\trend micro
2016-05-28 13:05:15 ----A---- C:\Windows\system32\win32k.sys
2016-05-28 13:05:14 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-05-28 13:05:14 ----A---- C:\Windows\system32\gdi32.dll
2016-05-28 13:05:14 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2016-05-28 13:05:14 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-05-28 13:05:14 ----A---- C:\Windows\system32\cdd.dll
2016-05-28 13:05:13 ----A---- C:\Windows\system32\jnwmon.dll
2016-05-28 13:04:43 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2016-05-28 13:04:43 ----A---- C:\Windows\system32\InkEd.dll
2016-05-28 13:04:42 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-05-28 13:04:42 ----A---- C:\Windows\system32\rpcrt4.dll
2016-05-28 13:04:42 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-05-28 13:04:42 ----A---- C:\Windows\system32\lsasrv.dll
2016-05-28 13:04:42 ----A---- C:\Windows\system32\kerberos.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\wow64win.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\winsrv.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\TSpkg.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\srcore.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\smss.exe
2016-05-28 13:04:41 ----A---- C:\Windows\system32\schannel.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\ntdll.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\msv1_0.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\KernelBase.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\kernel32.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\certcli.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\advapi32.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\wow64cpu.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\wow64.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\wdigest.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\sspisrv.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\sspicli.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\srclient.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\secur32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\rstrui.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\rpchttp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\ntvdm64.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\ncrypt.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\lsass.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-05-28 13:04:40 ----A---- C:\Windows\system32\drivers\appid.sys
2016-05-28 13:04:40 ----A---- C:\Windows\system32\csrsrv.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\cryptbase.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\credssp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\conhost.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\auditpol.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidsvc.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidapi.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\user.exe
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\msobjs.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\msaudite.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\apisetschema.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\adtschema.dll
2016-05-28 12:46:35 ----A---- C:\Windows\zip.exe
2016-05-28 12:46:35 ----A---- C:\Windows\SWSC.exe
2016-05-28 12:46:35 ----A---- C:\Windows\SWREG.exe
2016-05-28 12:46:35 ----A---- C:\Windows\sed.exe
2016-05-28 12:46:35 ----A---- C:\Windows\PEV.exe
2016-05-28 12:46:35 ----A---- C:\Windows\NIRCMD.exe
2016-05-28 12:46:35 ----A---- C:\Windows\MBR.exe
2016-05-28 12:46:35 ----A---- C:\Windows\grep.exe
2016-05-28 12:46:30 ----D---- C:\Qoobox
2016-05-28 12:46:20 ----D---- C:\Windows\erdnt
2016-05-28 12:45:53 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-05-28 12:45:53 ----A---- C:\Windows\system32\WindowsCodecs.dll

======List of files/folders modified in the last 1 month======

2016-06-02 10:49:08 ----D---- C:\Windows\Temp
2016-06-02 10:48:42 ----D---- C:\Windows\system32\config
2016-06-02 10:48:41 ----D---- C:\Windows\System32
2016-06-02 10:48:41 ----D---- C:\ProgramData\Kaspersky Lab
2016-06-02 10:48:41 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-02 10:48:35 ----SHD---- C:\System Volume Information
2016-06-02 09:47:00 ----D---- C:\Users\admin\AppData\Roaming\vlc
2016-06-02 07:36:09 ----D---- C:\Windows\inf
2016-06-02 07:35:30 ----D---- C:\Windows
2016-06-01 22:44:53 ----D---- C:\Users\admin\AppData\Roaming\qBittorrent
2016-06-01 21:11:20 ----D---- C:\Windows\system32\LogFiles
2016-06-01 17:37:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-06-01 17:28:44 ----D---- C:\Windows\system32\drivers
2016-06-01 17:28:24 ----SHD---- C:\Windows\Installer
2016-06-01 17:28:18 ----D---- C:\Windows\system32\DriverStore
2016-06-01 17:27:58 ----D---- C:\Windows\SysWOW64
2016-06-01 17:27:57 ----D---- C:\Program Files (x86)\Intel
2016-06-01 17:27:09 ----D---- C:\ProgramData
2016-06-01 17:21:14 ----D---- C:\Program Files (x86)\Opera
2016-06-01 17:16:36 ----D---- C:\Windows\system32\NDF
2016-06-01 14:51:56 ----D---- C:\Windows\rescache
2016-06-01 10:45:43 ----D---- C:\Windows\system32\catroot
2016-05-31 16:23:07 ----A---- C:\Windows\system.ini
2016-05-31 16:23:02 ----D---- C:\Windows\system32\drivers\etc
2016-05-31 16:21:11 ----D---- C:\Windows\SYSWOW64\drivers
2016-05-31 16:21:11 ----D---- C:\Windows\AppPatch
2016-05-31 16:21:10 ----D---- C:\Program Files (x86)\Common Files
2016-05-31 10:43:48 ----D---- C:\Windows\debug
2016-05-31 08:31:15 ----D---- C:\Program Files\CCleaner
2016-05-30 15:04:50 ----D---- C:\Windows\Registration
2016-05-30 10:51:40 ----D---- C:\Windows\Microsoft.NET
2016-05-30 10:49:08 ----RSD---- C:\Windows\assembly
2016-05-29 13:39:51 ----D---- C:\Windows\winsxs
2016-05-28 13:45:11 ----D---- C:\Windows\SYSWOW64\en-US
2016-05-28 13:45:10 ----SD---- C:\Windows\SYSWOW64\GWX
2016-05-28 13:45:10 ----SD---- C:\Windows\system32\GWX
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\pl-PL
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\hu-HU
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-05-28 13:45:10 ----D---- C:\Windows\system32\sk-SK
2016-05-28 13:45:10 ----D---- C:\Windows\system32\pl-PL
2016-05-28 13:45:10 ----D---- C:\Windows\system32\hu-HU
2016-05-28 13:45:10 ----D---- C:\Windows\system32\en-US
2016-05-28 13:45:10 ----D---- C:\Windows\system32\cs-CZ
2016-05-28 13:45:10 ----D---- C:\Windows\system32\appraiser
2016-05-28 13:45:10 ----D---- C:\Windows\ehome
2016-05-28 13:45:10 ----D---- C:\Program Files\Windows Journal
2016-05-28 13:45:10 ----D---- C:\Program Files\Internet Explorer
2016-05-28 13:45:10 ----D---- C:\Program Files (x86)\Internet Explorer
2016-05-28 13:45:09 ----D---- C:\Windows\system32\Boot
2016-05-28 13:39:23 ----D---- C:\Windows\system32\MRT
2016-05-28 13:34:50 ----A---- C:\Windows\system32\MRT.exe
2016-05-28 13:32:44 ----D---- C:\Windows\system32\catroot2
2016-05-28 13:07:11 ----RD---- C:\Program Files
2016-05-24 21:08:21 ----RSD---- C:\Windows\Fonts
2016-05-13 23:01:16 ----D---- C:\Windows\system32\Tasks
2016-05-12 21:59:42 ----HD---- C:\GrandeDevice
2016-05-12 21:03:47 ----D---- C:\Program Files (x86)\Dropbox
2016-05-11 03:41:57 ----RD---- C:\Program Files (x86)
2016-05-11 03:41:56 ----D---- C:\Windows\Tasks
2016-05-10 09:05:48 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak); C:\Windows\system32\DRIVERS\cm_km.sys [2015-07-06 389816]
R0 iaStorA;iaStorA; C:\Windows\system32\drivers\iaStorA.sys [2014-06-07 670056]
R0 iaStorF;iaStorF; C:\Windows\system32\drivers\iaStorF.sys [2014-06-07 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-11-04 22800]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-06-22 478392]
R0 klbackupdisk;Kaspersky Lab klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [2015-06-06 53432]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
R1 AntiLog32;AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [2015-07-06 49752]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 klbackupflt;Kaspersky Lab klbackupflt; C:\Windows\system32\DRIVERS\klbackupflt.sys [2015-06-27 70000]
R1 klhk;Kaspersky Lab service driver; C:\Windows\system32\DRIVERS\klhk.sys [2016-05-26 237480]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2016-05-26 943536]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2016-05-26 49240]
R1 klpd;Kaspersky Lab format recognizer driver; C:\Windows\system32\DRIVERS\klpd.sys [2015-12-06 41352]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-06-11 65208]
R1 Klwtp;Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [2015-06-16 103096]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-06-23 187056]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2015-07-06 231376]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2016-03-16 77728]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys [2015-10-05 610048]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2015-06-12 80384]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2015-10-13 141800]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2015-10-16 1545704]
R3 cvusbdrv;Dell ControlVault; C:\Windows\System32\Drivers\cvusbdrv.sys [2014-10-15 61664]
R3 dptf_acpi;dptf_acpi; C:\Windows\system32\DRIVERS\dptf_acpi.sys [2015-10-30 55784]
R3 dptf_cpu;dptf_cpu; C:\Windows\system32\DRIVERS\dptf_cpu.sys [2015-10-30 52200]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys [2015-08-05 501216]
R3 esif_lf;esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [2015-10-30 260072]
R3 ibtusb;Intel(R) Wireless Bluetooth(R); C:\Windows\system32\DRIVERS\ibtusb.sys [2016-02-20 306448]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-03-02 7904232]
R3 ikbevent;Intel Upper keyboard Class Filter Driver; C:\Windows\system32\DRIVERS\ikbevent.sys [2015-07-13 22216]
R3 imsevent;Intel Upper Mouse Class Filter Driver; C:\Windows\system32\DRIVERS\imsevent.sys [2015-07-13 22728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTDVHD64.sys [2014-12-11 2640728]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-11-04 387344]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-11-04 797456]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2014-10-17 27000]
R3 keycrypt;keycrypt; C:\Windows\system32\DRIVERS\KeyCrypt64.sys [2014-12-30 76520]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-12-06 181640]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-06-06 41144]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-06-07 41648]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-11-10 129312]
R3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw64e.sys [2014-02-26 34568]
R3 NETwNs64;___ Intel(R) Wireless Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\Netwsw02.sys [2014-11-17 3425768]
R3 O2FJ2RDR;O2FJ2RDR; C:\Windows\system32\DRIVERS\O2FJ2w7x64.sys [2014-05-14 210592]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service; C:\Windows\system32\DRIVERS\ST_Accel.sys [2014-04-21 75952]
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2015-12-30 27136]
R3 usb3Hub;UoIP Hub; C:\Windows\system32\DRIVERS\usb3Hub.sys [2014-10-15 213296]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2015-06-12 42496]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-03-04 127456]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2015-06-12 552960]
S3 btmaudio;Intel Bluetooth Audio Service; C:\Windows\system32\drivers\btmaud.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 INETMON;INETMON; \??\C:\Windows\System32\Drivers\INETMON.sys [2014-05-27 25800]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2014-10-17 38264]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-12-08 481032]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD.sys [2014-05-27 44744]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2015-01-16 23040]
S3 netvsc;netvsc; C:\Windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RT-USB;Ross-Tech USB driver; C:\Windows\system32\drivers\RT-USB64.SYS [2010-06-16 70984]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SynthVid;SynthVid; C:\Windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
S3 Tpm;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-07-13 54784]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-29 81088]
R2 ApHidMonitorService;Alps HID Monitor Service; C:\Program Files\DellTPad\HidMonitorSvc.exe [2015-09-25 96000]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-03-02 83768]
R2 AVP16.0.0;Služba Kaspersky Anti-Virus 16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [2015-12-06 194000]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2015-10-15 1198120]
R2 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2015-10-28 1722408]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2015-10-15 1161256]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service; c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2014-10-15 1044872]
R2 Credential Vault Host Storage;Credential Vault Host Storage; c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2014-10-15 38792]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 esifsvc;ESIF Upper Framework Service; C:\Windows\SysWOW64\esif_uf.exe [2015-10-30 1392792]
R2 iBtSiva;Intel Bluetooth Service; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [2016-02-27 171640]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2016-03-02 365032]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2014-04-23 260360]
R2 IntelUSBoverIP;IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [2014-10-15 394184]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-08-19 291032]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-03-19 651576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-06 134512]
S2 Dell Foundation Services;Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2016-01-15 119656]
S2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-03-16 237448]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03 107848]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-06-25 16232]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2015-07-13 209712]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-11-10 158496]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-11-10 409376]
S2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2014-03-07 65536]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-03-02 292832]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-06 134512]
S3 dcpm-notify;Dell Command | Power Manager Notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [2015-06-10 85216]
S3 Dell.CommandPowerManager.Service;Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe [2009-07-14 9728]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03 107848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-04-23 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-05-13 887256]
S3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25 178312]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 vssbrigde64;vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [2015-07-09 144640]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

Re: prosim o pomoc a kontrolu logu

Napsal: 03 čer 2016 04:06
od domd2u
tak se mi to podarilo. Neslo to z nejakeho duvodu v PSPADU :(

dik za kontrolu

Re: prosim o pomoc a kontrolu logu

Napsal: 03 čer 2016 17:53
od Rudy
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: prosim o pomoc a kontrolu logu

Napsal: 03 čer 2016 18:16
od domd2u
tady diky:

# AdwCleaner v5.119 - Logfile created 03/06/2016 at 19:12:45
# Updated 30/05/2016 by Xplode
# Database : 2016-05-30.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : admin - DELLADMIN
# Running from : C:\Users\admin\Desktop\adwcleaner_5.119.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\9e703957-2a93-4223-b4aa-5ef2c45d29a2
[#] Folder Deleted : C:\ProgramData\Application Data\9e703957-2a93-4223-b4aa-5ef2c45d29a2
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPlayer
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPlayer
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoViewer
[-] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\VideoPlayer
[#] Folder Deleted : C:\Program Files (x86)\VideoPlayer
[-] Folder Deleted : C:\Program Files (x86)\VideoViewer
[-] Folder Deleted : C:\Users\admin\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoViewer
[-] Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\ConduitCommon
[-] Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[-] Folder Deleted : C:\Users\admin\AppData\Local\CrashRpt

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BF85F37-ECD3-462C-8F41-902FD170F42E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{13128F4B-AB64-44DF-B196-1CE085007398}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{33DD7AC6-C23E-432E-8103-5F199F775D33}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C81DCEEB-4F70-497A-B8B5-E16727825B43}
[-] Key Deleted : HKCU\Software\WIN

***** [ Web browsers ] *****

[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.CTID", "CT2786678");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.CurrentServerDate", "13-12-2011");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.DSInstall", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Tue Dec 13 2011 00:14:57 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Tue Dec 13 2011 08:43:02 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 232);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FirstServerDate", "13-12-2011");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FirstTime", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FirstTimeFF3", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.HPInstall", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://novinky.cz/");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.Initialize", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 2);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.InstallationId", "ConduitXPEIntegration");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.InstallationType", "ConduitXPEIntegration");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.InstalledDate", "Tue Dec 13 2011 00:14:45 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.IsGrouping", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.IsInitSetupIni", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.IsMulticommunity", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Dec 13 2011 00:14:52 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Tue Dec 13 2011 08:43:02 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.LatestVersion", "3.8.1.0");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.Locale", "en");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.8.1.0");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Seznam");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Dec 13 2011 00:14:46 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Dec 13 2011 00:14:44 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Dec 13 2011 08:43:01 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.SettingsLastUpdate", "1321973052");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Dec 13 2011 00:14:44 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.Uninstall", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.UserID", "UN57631710957243341");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.WeatherNetwork", "");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.WeatherPollDate", "Tue Dec 13 2011 08:43:05 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.WeatherUnit", "C");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.alertChannelId", "1178763");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5475652044656320313320323031312030303A31343A353420474D542B30313030");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Tue Dec 13 2011 08:43:03 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.initDone", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.myStuffEnabled", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804,1000034,129526967958500204,129309489763975460,5690698542593514850,129309485163350924,12931541142425[...]
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.testingCtid", "");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Dec 13 2011 00:14:48 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Tue Dec 13 2011 00:14:55 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CT2786678.usagesFlag", 1);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1321973053\"");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/CZ", "\"0\"");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1313448428\"");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"93602d2a60e927e3ca51f1ad15996f04\"");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d81252562c31be757300e4205a85371\"");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dominik\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\r1xzmwfk.default\\conduitCommon\\modules\\3.8.1.0");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.cz/search?ie=UTF-8&oe=UTF-8& ... &gfns=1&q=");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Dec 13 2011 00:14:47 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.globalUserId", "53e9d43c-c28b-4de4-8833-27f00175b485");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 13 2011 00:15:00 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Dec 13 2011 01:15:08 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 13 2011 00:14:44 GMT+0100");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.notifications.userId", "b75a7064-79e9-4863-a149-1685c3ea6f3e");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://novinky.cz/");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Seznam");
[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\prefs.js] Deleted : user_pref("extensions.sxipper2.ignorepartialmapsubmit.0d2278985a8b085814692eb333323450", true);

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [28295 bytes] - [03/06/2016 19:12:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [27612 bytes] - [03/06/2016 19:12:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [28443 bytes] ##########

Re: prosim o pomoc a kontrolu logu

Napsal: 03 čer 2016 18:46
od Rudy
Dejte nový log RSIT.

Re: prosim o pomoc a kontrolu logu

Napsal: 03 čer 2016 20:40
od domd2u
Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2016-06-03 21:36:39
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 32 GB (14%) free of 232 GB
Total RAM: 16272 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:36:44 PM, on 6/3/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\Program Files (x86)\qBittorrent\qbittorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Služba Kaspersky Anti-Virus 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13068 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
winlogon.exe
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe"
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\DellTPad\HidMonitorSvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe" -r
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\esif_uf.exe
"C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe"
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e9d6b0d6-045c-4ffd-8306-be389916c931 -SystemEventPortName:HostProcess-71e3fa25-9c98-4ee6-984a-16e04f52e77d -IoCancelEventPortName:HostProcess-3bfa7c0a-9f3a-4c7e-a1ed-4c273b1f48bf -NonStateChangingEventPortName:HostProcess-e29044d3-1b04-417a-adad-f5e0d2099090 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ac148bd1-356b-44e7-a7e5-574209505ee3 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-30d3b762-cec3-4cb1-8dab-3a320b85ea58 -SystemEventPortName:HostProcess-5954990d-ab8b-476e-979f-17428fec5ace -IoCancelEventPortName:HostProcess-995aff90-135e-474d-a760-8e91228f4ada -NonStateChangingEventPortName:HostProcess-61f41ece-a928-4ee6-8128-15dcc40fb442 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:18a28489-9bf3-41d6-9df3-7a0d8d8987f2 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k bthsvcs
"taskhost.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe" -hidden
"C:\Windows\TEMP\DPTF\esif_assist_64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DELLGRM
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" /s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
"C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
"C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe"
"C:\Program Files\DellTPad\HidFind.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "-10549653632089950036969499430175020954-12305420243357411478112219502002385878
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\system32\GWX\GWX.exe"
taskeng.exe {64F1BD40-BD0D-47F0-8A6E-3C5016ABEFBA}
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /firstrunupdate 0
"C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\DRIVERS\o2flash.exe
"C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\qBittorrent\qbittorrent.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=50.0.2661.102 --handshake-handle=0xd4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5712.0.1321709786\921398576" --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,12,15,24,53,71 --gpu-vendor-id=0x8086 --gpu-device-id=0x1616 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4390 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention,brotli-encoding<BrotliEncoding --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=en-US --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrotliEncoding/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PreRead/Default/*QUIC/EnabledLoadServerInfoTimeoutSrttMultiplier50/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_69/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_07/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="5712.2.1031968087\204555492" /prefetch:1

taskeng.exe {5832F71E-843D-442C-9F8B-ABBC33A3CC6C}
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-71beab0a-cbc2-4416-b327-bba9fc6aea17 -SystemEventPortName:HostProcess-ae19d0a4-7840-472f-a324-1787b7ab2ee8 -IoCancelEventPortName:HostProcess-d445163a-495d-4c1a-818a-8427a52cf9ff -NonStateChangingEventPortName:HostProcess-0f3e7887-88a0-4307-ae99-5f5dae8efffd -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9c8a5a7b-d26a-4c96-825c-51f660e9d8b7 -DeviceGroupId:WpdFsGroup
"C:\totalcmd\TOTALCMD64.EXE"
C:\Windows\system32\sppsvc.exe

"C:\Users\admin\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.holkynajisto.cz/"
prefs.js - "extensions.enabledItems" - "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35, en-GB@dictionaries.addons.mozilla.org:1.19.1, cs@dictionaries.addons.mozilla.org:1.0.2, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, firebug@software.joehewitt.com:1.6.2, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5, {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1, headings@niquelheadings.net:1.05.7, {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {8061ddcf-3632-4287-8d8a-133e219ae838}:0.9.7, {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7, {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1, {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2, bkmrksync@nokia.com:1.0.0.736, {25A1388B-6B18-46c3-BEBA-A81915D0DE8F}:1.7.4, rankchecker@seobook.com:1.8, ro-RO@www.archeus.ro:1.11, {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3, {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1, {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36, seo4firefox@seobook.com:3.3.8, seo@profesional:1.1.1, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.14, {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19, sqlime@security.compass:0.4.5, {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1, {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5, en-US@dictionaries.addons.mozilla.org:5.0.1, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9, firegestures@xuldev.org:1.6.2, xmlfiller@software602.cz:3.16.1, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2, 2020Player@2020Technologies.com:4.5.4.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\extensions\
support@lastpass.com
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\searchplugins\
firmycz.xml
jyxo.xml
jyxocz.xml
majestic-seo.xml
mapycz.xml
s-amazon.xml
wikipedia-cs.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29 163720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}]
Kaspersky Protection plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06 800216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29 163720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29 141192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}]
Kaspersky Protection plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06 584664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29 141192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29 163720]
{3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Kaspersky Protection toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06 800216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29 141192]
{3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Kaspersky Protection toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06 584664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2015-05-29 736552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-12-09 7666392]
"RtHDVBg_MAXX6"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-05 1391472]
"WavesSvc"=C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [2014-10-03 606296]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-06-25 36352]
"ISCT Tray"=C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2015-07-13 5860656]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 462712]
"Eraser"=C:\Program Files\Eraser\Eraser.exe [2015-09-03 1074088]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-03-19 176952]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [2015-12-07 7823336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-05-13 8721624]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2015-06-29 3498728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor]
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-29 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger]
C:\Program Files (x86)\AntiLogger\AntiLogger.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2016-03-19 176952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-09-04 55349888]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-11-04 296208]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2014-11-10 136992]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-29 1022152]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2015-06-29 3498728]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2016-05-31 23972712]

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=60
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2016-06-03 19:11:30 ----D---- C:\AdwCleaner
2016-06-02 16:54:13 ----A---- C:\Windows\system32\FNTCACHE.DAT
2016-05-31 16:24:44 ----SHD---- C:\$RECYCLE.BIN
2016-05-31 16:24:40 ----A---- C:\ComboFix.txt
2016-05-28 13:33:43 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-05-28 13:33:43 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-05-28 13:33:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-05-28 13:33:43 ----A---- C:\Windows\system32\iernonce.dll
2016-05-28 13:33:43 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-05-28 13:33:43 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-05-28 13:33:42 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-28 13:33:42 ----A---- C:\Windows\system32\inseng.dll
2016-05-28 13:33:42 ----A---- C:\Windows\system32\ie4uinit.exe
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\urlmon.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\occache.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-28 13:33:41 ----A---- C:\Windows\system32\msfeeds.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\iedkcs32.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\dxtrans.dll
2016-05-28 13:33:40 ----A---- C:\Windows\system32\iesetup.dll
2016-05-28 13:33:40 ----A---- C:\Windows\system32\iertutil.dll
2016-05-28 13:33:40 ----A---- C:\Windows\system32\ieapfltr.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-05-28 13:33:39 ----A---- C:\Windows\system32\vbscript.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\jsproxy.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\ieui.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\ieframe.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\dxtmsft.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\wininet.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\webcheck.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\mshtmled.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\jscript9diag.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\jscript9.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\jscript.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\ieUnatt.exe
2016-05-28 13:33:37 ----A---- C:\Windows\system32\msrating.dll
2016-05-28 13:33:37 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-05-28 13:33:37 ----A---- C:\Windows\system32\mshtml.dll
2016-05-28 13:32:54 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-05-28 13:32:54 ----A---- C:\Windows\system32\tzres.dll
2016-05-28 13:32:53 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2016-05-28 13:32:53 ----A---- C:\Windows\system32\d3d10level9.dll
2016-05-28 13:07:11 ----D---- C:\rsit
2016-05-28 13:07:11 ----D---- C:\Program Files\trend micro
2016-05-28 13:05:15 ----A---- C:\Windows\system32\win32k.sys
2016-05-28 13:05:14 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-05-28 13:05:14 ----A---- C:\Windows\system32\gdi32.dll
2016-05-28 13:05:14 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2016-05-28 13:05:14 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-05-28 13:05:14 ----A---- C:\Windows\system32\cdd.dll
2016-05-28 13:05:13 ----A---- C:\Windows\system32\jnwmon.dll
2016-05-28 13:04:43 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2016-05-28 13:04:43 ----A---- C:\Windows\system32\InkEd.dll
2016-05-28 13:04:42 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-05-28 13:04:42 ----A---- C:\Windows\system32\rpcrt4.dll
2016-05-28 13:04:42 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-05-28 13:04:42 ----A---- C:\Windows\system32\lsasrv.dll
2016-05-28 13:04:42 ----A---- C:\Windows\system32\kerberos.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\wow64win.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\winsrv.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\TSpkg.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\srcore.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\smss.exe
2016-05-28 13:04:41 ----A---- C:\Windows\system32\schannel.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\ntdll.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\msv1_0.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\KernelBase.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\kernel32.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\certcli.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\advapi32.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\wow64cpu.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\wow64.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\wdigest.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\sspisrv.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\sspicli.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\srclient.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\secur32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\rstrui.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\rpchttp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\ntvdm64.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\ncrypt.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\lsass.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-05-28 13:04:40 ----A---- C:\Windows\system32\drivers\appid.sys
2016-05-28 13:04:40 ----A---- C:\Windows\system32\csrsrv.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\cryptbase.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\credssp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\conhost.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\auditpol.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidsvc.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidapi.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\user.exe
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\msobjs.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\msaudite.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\apisetschema.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\adtschema.dll
2016-05-28 12:46:35 ----A---- C:\Windows\zip.exe
2016-05-28 12:46:35 ----A---- C:\Windows\SWSC.exe
2016-05-28 12:46:35 ----A---- C:\Windows\SWREG.exe
2016-05-28 12:46:35 ----A---- C:\Windows\sed.exe
2016-05-28 12:46:35 ----A---- C:\Windows\PEV.exe
2016-05-28 12:46:35 ----A---- C:\Windows\NIRCMD.exe
2016-05-28 12:46:35 ----A---- C:\Windows\MBR.exe
2016-05-28 12:46:35 ----A---- C:\Windows\grep.exe
2016-05-28 12:46:30 ----D---- C:\Qoobox
2016-05-28 12:46:20 ----D---- C:\Windows\erdnt
2016-05-28 12:45:53 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-05-28 12:45:53 ----A---- C:\Windows\system32\WindowsCodecs.dll

======List of files/folders modified in the last 1 month======

2016-06-03 21:36:44 ----D---- C:\Windows\Temp
2016-06-03 21:35:49 ----D---- C:\Users\admin\AppData\Roaming\qBittorrent
2016-06-03 19:20:04 ----D---- C:\Windows\System32
2016-06-03 19:20:04 ----D---- C:\Windows\inf
2016-06-03 19:20:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-06-03 19:14:43 ----D---- C:\Program Files (x86)\Dropbox
2016-06-03 19:13:52 ----D---- C:\Windows\system32\config
2016-06-03 19:13:46 ----D---- C:\ProgramData\Kaspersky Lab
2016-06-03 19:13:46 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-03 19:13:41 ----SHD---- C:\System Volume Information
2016-06-03 19:12:48 ----RD---- C:\Program Files (x86)
2016-06-03 19:12:45 ----D---- C:\ProgramData
2016-06-03 17:57:41 ----D---- C:\Windows\system32\NDF
2016-06-03 15:57:27 ----D---- C:\Users\admin\AppData\Roaming\vlc
2016-06-02 17:02:27 ----D---- C:\Windows\system32\Tasks
2016-06-02 17:02:27 ----D---- C:\Program Files (x86)\Opera
2016-06-02 16:54:18 ----D---- C:\Windows
2016-06-02 12:00:00 ----D---- C:\Windows\system32\LogFiles
2016-06-02 10:51:59 ----D---- C:\Windows\SysWOW64
2016-06-02 10:51:59 ----D---- C:\Windows\system32\drivers
2016-06-02 10:51:58 ----SHD---- C:\Windows\Installer
2016-06-02 10:51:57 ----D---- C:\Program Files (x86)\AntiLogger
2016-06-01 17:28:18 ----D---- C:\Windows\system32\DriverStore
2016-06-01 17:27:57 ----D---- C:\Program Files (x86)\Intel
2016-06-01 14:51:56 ----D---- C:\Windows\rescache
2016-06-01 10:45:43 ----D---- C:\Windows\system32\catroot
2016-05-31 16:23:07 ----A---- C:\Windows\system.ini
2016-05-31 16:23:02 ----D---- C:\Windows\system32\drivers\etc
2016-05-31 16:21:11 ----D---- C:\Windows\SYSWOW64\drivers
2016-05-31 16:21:11 ----D---- C:\Windows\AppPatch
2016-05-31 16:21:10 ----D---- C:\Program Files (x86)\Common Files
2016-05-31 10:43:48 ----D---- C:\Windows\debug
2016-05-31 08:31:15 ----D---- C:\Program Files\CCleaner
2016-05-30 15:04:50 ----D---- C:\Windows\Registration
2016-05-30 10:51:40 ----D---- C:\Windows\Microsoft.NET
2016-05-30 10:49:08 ----RSD---- C:\Windows\assembly
2016-05-29 13:39:51 ----D---- C:\Windows\winsxs
2016-05-28 13:45:11 ----D---- C:\Windows\SYSWOW64\en-US
2016-05-28 13:45:10 ----SD---- C:\Windows\SYSWOW64\GWX
2016-05-28 13:45:10 ----SD---- C:\Windows\system32\GWX
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\pl-PL
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\hu-HU
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-05-28 13:45:10 ----D---- C:\Windows\system32\sk-SK
2016-05-28 13:45:10 ----D---- C:\Windows\system32\pl-PL
2016-05-28 13:45:10 ----D---- C:\Windows\system32\hu-HU
2016-05-28 13:45:10 ----D---- C:\Windows\system32\en-US
2016-05-28 13:45:10 ----D---- C:\Windows\system32\cs-CZ
2016-05-28 13:45:10 ----D---- C:\Windows\system32\appraiser
2016-05-28 13:45:10 ----D---- C:\Windows\ehome
2016-05-28 13:45:10 ----D---- C:\Program Files\Windows Journal
2016-05-28 13:45:10 ----D---- C:\Program Files\Internet Explorer
2016-05-28 13:45:10 ----D---- C:\Program Files (x86)\Internet Explorer
2016-05-28 13:45:09 ----D---- C:\Windows\system32\Boot
2016-05-28 13:39:23 ----D---- C:\Windows\system32\MRT
2016-05-28 13:34:50 ----A---- C:\Windows\system32\MRT.exe
2016-05-28 13:32:44 ----D---- C:\Windows\system32\catroot2
2016-05-28 13:07:11 ----RD---- C:\Program Files
2016-05-24 21:08:21 ----RSD---- C:\Windows\Fonts
2016-05-12 21:59:42 ----HD---- C:\GrandeDevice
2016-05-11 03:41:56 ----D---- C:\Windows\Tasks
2016-05-10 09:05:48 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak); C:\Windows\system32\DRIVERS\cm_km.sys [2015-07-06 389816]
R0 iaStorA;iaStorA; C:\Windows\system32\drivers\iaStorA.sys [2014-06-07 670056]
R0 iaStorF;iaStorF; C:\Windows\system32\drivers\iaStorF.sys [2014-06-07 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-11-04 22800]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-06-22 478392]
R0 klbackupdisk;Kaspersky Lab klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [2015-06-06 53432]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 klbackupflt;Kaspersky Lab klbackupflt; C:\Windows\system32\DRIVERS\klbackupflt.sys [2015-06-27 70000]
R1 klhk;Kaspersky Lab service driver; C:\Windows\system32\DRIVERS\klhk.sys [2016-05-26 237480]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2016-05-26 943536]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2016-05-26 49240]
R1 klpd;Kaspersky Lab format recognizer driver; C:\Windows\system32\DRIVERS\klpd.sys [2015-12-06 41352]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-06-11 65208]
R1 Klwtp;Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [2015-06-16 103096]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-06-23 187056]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2015-07-06 231376]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2016-03-16 77728]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys [2015-10-05 610048]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2015-06-12 80384]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2015-10-13 141800]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2015-10-16 1545704]
R3 cvusbdrv;Dell ControlVault; C:\Windows\System32\Drivers\cvusbdrv.sys [2014-10-15 61664]
R3 dptf_acpi;dptf_acpi; C:\Windows\system32\DRIVERS\dptf_acpi.sys [2015-10-30 55784]
R3 dptf_cpu;dptf_cpu; C:\Windows\system32\DRIVERS\dptf_cpu.sys [2015-10-30 52200]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys [2015-08-05 501216]
R3 esif_lf;esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [2015-10-30 260072]
R3 ibtusb;Intel(R) Wireless Bluetooth(R); C:\Windows\system32\DRIVERS\ibtusb.sys [2016-02-20 306448]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-03-02 7904232]
R3 ikbevent;Intel Upper keyboard Class Filter Driver; C:\Windows\system32\DRIVERS\ikbevent.sys [2015-07-13 22216]
R3 imsevent;Intel Upper Mouse Class Filter Driver; C:\Windows\system32\DRIVERS\imsevent.sys [2015-07-13 22728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTDVHD64.sys [2014-12-11 2640728]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-11-04 387344]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-11-04 797456]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2014-10-17 27000]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-12-06 181640]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-06-06 41144]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-06-07 41648]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-11-10 129312]
R3 NETwNs64;___ Intel(R) Wireless Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\Netwsw02.sys [2014-11-17 3425768]
R3 O2FJ2RDR;O2FJ2RDR; C:\Windows\system32\DRIVERS\O2FJ2w7x64.sys [2014-05-14 210592]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service; C:\Windows\system32\DRIVERS\ST_Accel.sys [2014-04-21 75952]
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2015-12-30 27136]
R3 usb3Hub;UoIP Hub; C:\Windows\system32\DRIVERS\usb3Hub.sys [2014-10-15 213296]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 AntiLog32;AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys []
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-03-04 127456]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2015-06-12 552960]
S3 btmaudio;Intel Bluetooth Audio Service; C:\Windows\system32\drivers\btmaud.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 INETMON;INETMON; \??\C:\Windows\System32\Drivers\INETMON.sys [2014-05-27 25800]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2014-10-17 38264]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-12-08 481032]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD.sys [2014-05-27 44744]
S3 keycrypt;keycrypt; C:\Windows\system32\DRIVERS\KeyCrypt64.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2015-01-16 23040]
S3 netvsc;netvsc; C:\Windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RT-USB;Ross-Tech USB driver; C:\Windows\system32\drivers\RT-USB64.SYS [2010-06-16 70984]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SynthVid;SynthVid; C:\Windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
S3 Tpm;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-07-13 54784]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2015-06-12 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-29 81088]
R2 ApHidMonitorService;Alps HID Monitor Service; C:\Program Files\DellTPad\HidMonitorSvc.exe [2015-09-25 96000]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-03-02 83768]
R2 AVP16.0.0;Služba Kaspersky Anti-Virus 16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [2015-12-06 194000]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2015-10-15 1198120]
R2 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2015-10-28 1722408]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2015-10-15 1161256]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service; c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2014-10-15 1044872]
R2 Credential Vault Host Storage;Credential Vault Host Storage; c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2014-10-15 38792]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Dell Foundation Services;Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2016-01-15 119656]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 esifsvc;ESIF Upper Framework Service; C:\Windows\SysWOW64\esif_uf.exe [2015-10-30 1392792]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-06-25 16232]
R2 iBtSiva;Intel Bluetooth Service; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [2016-02-27 171640]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2016-03-02 365032]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2014-04-23 260360]
R2 IntelUSBoverIP;IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [2014-10-15 394184]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-11-10 158496]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-11-10 409376]
R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2014-03-07 65536]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-08-19 291032]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-03-19 651576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-06 134512]
S2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-03-16 237448]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03 107848]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2015-07-13 209712]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-03-02 292832]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-06 134512]
S3 dcpm-notify;Dell Command | Power Manager Notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [2015-06-10 85216]
S3 Dell.CommandPowerManager.Service;Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe [2009-07-14 9728]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03 107848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-04-23 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-05-13 887256]
S3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25 178312]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 vssbrigde64;vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [2015-07-09 144640]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

Re: prosim o pomoc a kontrolu logu

Napsal: 03 čer 2016 21:24
od Rudy
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:services
Bonjour Service

:commands
[Purity]
[Emptytemp]
[Emptyflash]
a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

Re: prosim o pomoc a kontrolu logu

Napsal: 04 čer 2016 09:58
od domd2u
vse hotovo a tady log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2016-06-04 10:55:38
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 33 GB (14%) free of 232 GB
Total RAM: 16272 MB (87% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:55:40 AM, on 6/4/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat_sl.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Služba Kaspersky Anti-Virus 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: IntelUSBoverIP - Intel - C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12724 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
winlogon.exe
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
C:\Windows\system32\svchost.exe -k NetworkService
taskeng.exe {D2FA541F-668E-45EA-B4B1-089F420A6B72}
C:\Windows\System32\spoolsv.exe
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe"
"c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\DellTPad\HidMonitorSvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe" -r
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\esif_uf.exe
"C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe"
C:\Windows\system32\IProsetMonitor.exe
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe"
"c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0d9d84be-f3ae-4d3d-ab53-71617b936645 -SystemEventPortName:HostProcess-4c431882-7f0a-413b-987a-40da6d8f2a52 -IoCancelEventPortName:HostProcess-3206b0ab-d96a-4e5c-9378-0bca4c8a0dd2 -NonStateChangingEventPortName:HostProcess-a6e66a2f-97d7-42c4-bf4a-8114d75a822a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e3535dd4-b577-4df6-a87e-bbb49b7c3cbe -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4b78bb7d-2d39-486d-8c78-1a17fb2de428 -SystemEventPortName:HostProcess-dec4fcda-0ab9-42bd-8639-740258714724 -IoCancelEventPortName:HostProcess-3f1817ce-a7b1-48cc-9812-8f72d778eda1 -NonStateChangingEventPortName:HostProcess-1979e0b4-3b61-46ba-8925-cf9402494757 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e7e208b1-65fc-404f-b8e7-6060018aa301 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k bthsvcs
"taskhost.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe" -hidden
"C:\Windows\TEMP\DPTF\esif_assist_64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DELLGRM
taskeng.exe {DF1A450F-5105-4BFA-AFFE-C7ECCC4093E0}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\system32\Dwm.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe"
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\DellTPad\HidFind.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "1820987110-9889197961423241947290384646-6392139011156708751075687361458713802
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe"
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\sppsvc.exe
taskeng.exe {58744F90-7236-4C5D-94B6-F316583E8937}
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\06042016_105221.log
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" /s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
"C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
"C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat_sl.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\admin\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.holkynajisto.cz/"
prefs.js - "extensions.enabledItems" - "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35, en-GB@dictionaries.addons.mozilla.org:1.19.1, cs@dictionaries.addons.mozilla.org:1.0.2, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, firebug@software.joehewitt.com:1.6.2, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5, {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1, headings@niquelheadings.net:1.05.7, {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {8061ddcf-3632-4287-8d8a-133e219ae838}:0.9.7, {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7, {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1, {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2, bkmrksync@nokia.com:1.0.0.736, {25A1388B-6B18-46c3-BEBA-A81915D0DE8F}:1.7.4, rankchecker@seobook.com:1.8, ro-RO@www.archeus.ro:1.11, {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3, {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1, {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36, seo4firefox@seobook.com:3.3.8, seo@profesional:1.1.1, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.14, {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19, sqlime@security.compass:0.4.5, {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1, {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5, en-US@dictionaries.addons.mozilla.org:5.0.1, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9, firegestures@xuldev.org:1.6.2, xmlfiller@software602.cz:3.16.1, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2, 2020Player@2020Technologies.com:4.5.4.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\extensions\
support@lastpass.com
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hz1950h2.default\searchplugins\
firmycz.xml
jyxo.xml
jyxocz.xml
majestic-seo.xml
mapycz.xml
s-amazon.xml
wikipedia-cs.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29 163720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}]
Kaspersky Protection plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06 800216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29 163720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29 141192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}]
Kaspersky Protection plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06 584664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29 141192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29 163720]
{3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Kaspersky Protection toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06 800216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29 141192]
{3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Kaspersky Protection toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06 584664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2015-05-29 736552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-12-09 7666392]
"RtHDVBg_MAXX6"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-05 1391472]
"WavesSvc"=C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [2014-10-03 606296]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-06-25 36352]
"ISCT Tray"=C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2015-07-13 5860656]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 462712]
"Eraser"=C:\Program Files\Eraser\Eraser.exe [2015-09-03 1074088]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-03-19 176952]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [2015-12-07 7823336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-05-13 8721624]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2015-06-29 3498728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor]
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-29 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger]
C:\Program Files (x86)\AntiLogger\AntiLogger.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2016-03-19 176952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-09-04 55349888]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-11-04 296208]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2014-11-10 136992]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-29 1022152]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2015-06-29 3498728]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2016-05-31 23972712]

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=60
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2016-06-04 10:52:21 ----D---- C:\_OTM
2016-06-03 19:11:30 ----D---- C:\AdwCleaner
2016-06-02 16:54:13 ----A---- C:\Windows\system32\FNTCACHE.DAT
2016-05-31 16:24:44 ----SHD---- C:\$RECYCLE.BIN
2016-05-31 16:24:40 ----A---- C:\ComboFix.txt
2016-05-28 13:33:43 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-05-28 13:33:43 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-05-28 13:33:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-05-28 13:33:43 ----A---- C:\Windows\system32\iernonce.dll
2016-05-28 13:33:43 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-05-28 13:33:43 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-05-28 13:33:42 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-05-28 13:33:42 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-28 13:33:42 ----A---- C:\Windows\system32\inseng.dll
2016-05-28 13:33:42 ----A---- C:\Windows\system32\ie4uinit.exe
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-05-28 13:33:41 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\urlmon.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\occache.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-28 13:33:41 ----A---- C:\Windows\system32\msfeeds.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\iedkcs32.dll
2016-05-28 13:33:41 ----A---- C:\Windows\system32\dxtrans.dll
2016-05-28 13:33:40 ----A---- C:\Windows\system32\iesetup.dll
2016-05-28 13:33:40 ----A---- C:\Windows\system32\iertutil.dll
2016-05-28 13:33:40 ----A---- C:\Windows\system32\ieapfltr.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-05-28 13:33:39 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-05-28 13:33:39 ----A---- C:\Windows\system32\vbscript.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\jsproxy.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\ieui.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\ieframe.dll
2016-05-28 13:33:39 ----A---- C:\Windows\system32\dxtmsft.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\wininet.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\webcheck.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\mshtmled.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\jscript9diag.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\jscript9.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\jscript.dll
2016-05-28 13:33:38 ----A---- C:\Windows\system32\ieUnatt.exe
2016-05-28 13:33:37 ----A---- C:\Windows\system32\msrating.dll
2016-05-28 13:33:37 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-05-28 13:33:37 ----A---- C:\Windows\system32\mshtml.dll
2016-05-28 13:32:54 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-05-28 13:32:54 ----A---- C:\Windows\system32\tzres.dll
2016-05-28 13:32:53 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2016-05-28 13:32:53 ----A---- C:\Windows\system32\d3d10level9.dll
2016-05-28 13:07:11 ----D---- C:\rsit
2016-05-28 13:07:11 ----D---- C:\Program Files\trend micro
2016-05-28 13:05:15 ----A---- C:\Windows\system32\win32k.sys
2016-05-28 13:05:14 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-05-28 13:05:14 ----A---- C:\Windows\system32\gdi32.dll
2016-05-28 13:05:14 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2016-05-28 13:05:14 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-05-28 13:05:14 ----A---- C:\Windows\system32\cdd.dll
2016-05-28 13:05:13 ----A---- C:\Windows\system32\jnwmon.dll
2016-05-28 13:04:43 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2016-05-28 13:04:43 ----A---- C:\Windows\system32\InkEd.dll
2016-05-28 13:04:42 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-05-28 13:04:42 ----A---- C:\Windows\system32\rpcrt4.dll
2016-05-28 13:04:42 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-05-28 13:04:42 ----A---- C:\Windows\system32\lsasrv.dll
2016-05-28 13:04:42 ----A---- C:\Windows\system32\kerberos.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-05-28 13:04:41 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\wow64win.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\winsrv.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\TSpkg.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\srcore.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\smss.exe
2016-05-28 13:04:41 ----A---- C:\Windows\system32\schannel.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\ntdll.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\msv1_0.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\KernelBase.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\kernel32.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-05-28 13:04:41 ----A---- C:\Windows\system32\certcli.dll
2016-05-28 13:04:41 ----A---- C:\Windows\system32\advapi32.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-28 13:04:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-05-28 13:04:40 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\wow64cpu.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\wow64.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\wdigest.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\sspisrv.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\sspicli.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\srclient.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\secur32.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\rstrui.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\rpchttp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\ntvdm64.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\ncrypt.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\lsass.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-05-28 13:04:40 ----A---- C:\Windows\system32\drivers\appid.sys
2016-05-28 13:04:40 ----A---- C:\Windows\system32\csrsrv.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\cryptbase.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\credssp.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\conhost.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\auditpol.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidsvc.dll
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-05-28 13:04:40 ----A---- C:\Windows\system32\appidapi.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-28 13:04:39 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\user.exe
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-05-28 13:04:39 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\msobjs.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\msaudite.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\apisetschema.dll
2016-05-28 13:04:39 ----A---- C:\Windows\system32\adtschema.dll
2016-05-28 12:46:35 ----A---- C:\Windows\zip.exe
2016-05-28 12:46:35 ----A---- C:\Windows\SWSC.exe
2016-05-28 12:46:35 ----A---- C:\Windows\SWREG.exe
2016-05-28 12:46:35 ----A---- C:\Windows\sed.exe
2016-05-28 12:46:35 ----A---- C:\Windows\PEV.exe
2016-05-28 12:46:35 ----A---- C:\Windows\NIRCMD.exe
2016-05-28 12:46:35 ----A---- C:\Windows\MBR.exe
2016-05-28 12:46:35 ----A---- C:\Windows\grep.exe
2016-05-28 12:46:30 ----D---- C:\Qoobox
2016-05-28 12:46:20 ----D---- C:\Windows\erdnt
2016-05-28 12:45:53 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-05-28 12:45:53 ----A---- C:\Windows\system32\WindowsCodecs.dll

======List of files/folders modified in the last 1 month======

2016-06-04 10:55:40 ----D---- C:\Windows\Temp
2016-06-04 10:54:20 ----D---- C:\Windows\system32\config
2016-06-04 10:54:17 ----D---- C:\Windows\System32
2016-06-04 10:54:17 ----D---- C:\ProgramData\Kaspersky Lab
2016-06-04 10:54:17 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-04 10:54:13 ----SHD---- C:\System Volume Information
2016-06-04 10:52:30 ----D---- C:\Windows\Tasks
2016-06-04 10:42:44 ----D---- C:\Users\admin\AppData\Roaming\qBittorrent
2016-06-03 21:48:52 ----D---- C:\Users\admin\AppData\Roaming\vlc
2016-06-03 21:39:16 ----D---- C:\Windows\inf
2016-06-03 21:39:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-06-03 19:14:43 ----D---- C:\Program Files (x86)\Dropbox
2016-06-03 19:12:48 ----RD---- C:\Program Files (x86)
2016-06-03 19:12:45 ----D---- C:\ProgramData
2016-06-03 17:57:41 ----D---- C:\Windows\system32\NDF
2016-06-02 17:02:27 ----D---- C:\Windows\system32\Tasks
2016-06-02 17:02:27 ----D---- C:\Program Files (x86)\Opera
2016-06-02 16:54:18 ----D---- C:\Windows
2016-06-02 12:00:00 ----D---- C:\Windows\system32\LogFiles
2016-06-02 10:51:59 ----D---- C:\Windows\SysWOW64
2016-06-02 10:51:59 ----D---- C:\Windows\system32\drivers
2016-06-02 10:51:58 ----SHD---- C:\Windows\Installer
2016-06-02 10:51:57 ----D---- C:\Program Files (x86)\AntiLogger
2016-06-01 17:28:18 ----D---- C:\Windows\system32\DriverStore
2016-06-01 17:27:57 ----D---- C:\Program Files (x86)\Intel
2016-06-01 14:51:56 ----D---- C:\Windows\rescache
2016-06-01 10:45:43 ----D---- C:\Windows\system32\catroot
2016-05-31 16:23:07 ----A---- C:\Windows\system.ini
2016-05-31 16:23:02 ----D---- C:\Windows\system32\drivers\etc
2016-05-31 16:21:11 ----D---- C:\Windows\SYSWOW64\drivers
2016-05-31 16:21:11 ----D---- C:\Windows\AppPatch
2016-05-31 16:21:10 ----D---- C:\Program Files (x86)\Common Files
2016-05-31 10:43:48 ----D---- C:\Windows\debug
2016-05-31 08:31:15 ----D---- C:\Program Files\CCleaner
2016-05-30 15:04:50 ----D---- C:\Windows\Registration
2016-05-30 10:51:40 ----D---- C:\Windows\Microsoft.NET
2016-05-30 10:49:08 ----RSD---- C:\Windows\assembly
2016-05-29 13:39:51 ----D---- C:\Windows\winsxs
2016-05-28 13:45:11 ----D---- C:\Windows\SYSWOW64\en-US
2016-05-28 13:45:10 ----SD---- C:\Windows\SYSWOW64\GWX
2016-05-28 13:45:10 ----SD---- C:\Windows\system32\GWX
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\pl-PL
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\hu-HU
2016-05-28 13:45:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-05-28 13:45:10 ----D---- C:\Windows\system32\sk-SK
2016-05-28 13:45:10 ----D---- C:\Windows\system32\pl-PL
2016-05-28 13:45:10 ----D---- C:\Windows\system32\hu-HU
2016-05-28 13:45:10 ----D---- C:\Windows\system32\en-US
2016-05-28 13:45:10 ----D---- C:\Windows\system32\cs-CZ
2016-05-28 13:45:10 ----D---- C:\Windows\system32\appraiser
2016-05-28 13:45:10 ----D---- C:\Windows\ehome
2016-05-28 13:45:10 ----D---- C:\Program Files\Windows Journal
2016-05-28 13:45:10 ----D---- C:\Program Files\Internet Explorer
2016-05-28 13:45:10 ----D---- C:\Program Files (x86)\Internet Explorer
2016-05-28 13:45:09 ----D---- C:\Windows\system32\Boot
2016-05-28 13:39:23 ----D---- C:\Windows\system32\MRT
2016-05-28 13:34:50 ----A---- C:\Windows\system32\MRT.exe
2016-05-28 13:32:44 ----D---- C:\Windows\system32\catroot2
2016-05-28 13:07:11 ----RD---- C:\Program Files
2016-05-24 21:08:21 ----RSD---- C:\Windows\Fonts
2016-05-12 21:59:42 ----HD---- C:\GrandeDevice
2016-05-10 09:05:48 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak); C:\Windows\system32\DRIVERS\cm_km.sys [2015-07-06 389816]
R0 iaStorA;iaStorA; C:\Windows\system32\drivers\iaStorA.sys [2014-06-07 670056]
R0 iaStorF;iaStorF; C:\Windows\system32\drivers\iaStorF.sys [2014-06-07 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-11-04 22800]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-06-22 478392]
R0 klbackupdisk;Kaspersky Lab klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [2015-06-06 53432]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 klbackupflt;Kaspersky Lab klbackupflt; C:\Windows\system32\DRIVERS\klbackupflt.sys [2015-06-27 70000]
R1 klhk;Kaspersky Lab service driver; C:\Windows\system32\DRIVERS\klhk.sys [2016-05-26 237480]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2016-05-26 943536]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2016-05-26 49240]
R1 klpd;Kaspersky Lab format recognizer driver; C:\Windows\system32\DRIVERS\klpd.sys [2015-12-06 41352]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-06-11 65208]
R1 Klwtp;Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [2015-06-16 103096]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-06-23 187056]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2015-07-06 231376]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2016-03-16 77728]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys [2015-10-05 610048]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2015-06-12 80384]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2015-10-13 141800]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2015-10-16 1545704]
R3 cvusbdrv;Dell ControlVault; C:\Windows\System32\Drivers\cvusbdrv.sys [2014-10-15 61664]
R3 dptf_acpi;dptf_acpi; C:\Windows\system32\DRIVERS\dptf_acpi.sys [2015-10-30 55784]
R3 dptf_cpu;dptf_cpu; C:\Windows\system32\DRIVERS\dptf_cpu.sys [2015-10-30 52200]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys [2015-08-05 501216]
R3 esif_lf;esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [2015-10-30 260072]
R3 ibtusb;Intel(R) Wireless Bluetooth(R); C:\Windows\system32\DRIVERS\ibtusb.sys [2016-02-20 306448]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-03-02 7904232]
R3 ikbevent;Intel Upper keyboard Class Filter Driver; C:\Windows\system32\DRIVERS\ikbevent.sys [2015-07-13 22216]
R3 imsevent;Intel Upper Mouse Class Filter Driver; C:\Windows\system32\DRIVERS\imsevent.sys [2015-07-13 22728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTDVHD64.sys [2014-12-11 2640728]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-11-04 387344]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-11-04 797456]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2014-10-17 27000]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-12-06 181640]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-06-06 41144]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-06-07 41648]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-11-10 129312]
R3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw64e.sys [2014-02-26 34568]
R3 NETwNs64;___ Intel(R) Wireless Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\Netwsw02.sys [2014-11-17 3425768]
R3 O2FJ2RDR;O2FJ2RDR; C:\Windows\system32\DRIVERS\O2FJ2w7x64.sys [2014-05-14 210592]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service; C:\Windows\system32\DRIVERS\ST_Accel.sys [2014-04-21 75952]
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2015-12-30 27136]
R3 usb3Hub;UoIP Hub; C:\Windows\system32\DRIVERS\usb3Hub.sys [2014-10-15 213296]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 AntiLog32;AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys []
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-03-04 127456]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2015-06-12 552960]
S3 btmaudio;Intel Bluetooth Audio Service; C:\Windows\system32\drivers\btmaud.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 INETMON;INETMON; \??\C:\Windows\System32\Drivers\INETMON.sys [2014-05-27 25800]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2014-10-17 38264]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-12-08 481032]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD.sys [2014-05-27 44744]
S3 keycrypt;keycrypt; C:\Windows\system32\DRIVERS\KeyCrypt64.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2015-01-16 23040]
S3 netvsc;netvsc; C:\Windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RT-USB;Ross-Tech USB driver; C:\Windows\system32\drivers\RT-USB64.SYS [2010-06-16 70984]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SynthVid;SynthVid; C:\Windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
S3 Tpm;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-07-13 54784]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2015-06-12 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-29 81088]
R2 ApHidMonitorService;Alps HID Monitor Service; C:\Program Files\DellTPad\HidMonitorSvc.exe [2015-09-25 96000]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-03-02 83768]
R2 AVP16.0.0;Služba Kaspersky Anti-Virus 16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [2015-12-06 194000]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2015-10-15 1198120]
R2 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2015-10-28 1722408]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2015-10-15 1161256]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service; c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2014-10-15 1044872]
R2 Credential Vault Host Storage;Credential Vault Host Storage; c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2014-10-15 38792]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 esifsvc;ESIF Upper Framework Service; C:\Windows\SysWOW64\esif_uf.exe [2015-10-30 1392792]
R2 iBtSiva;Intel Bluetooth Service; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [2016-02-27 171640]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2016-03-02 365032]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2014-04-23 260360]
R2 IntelUSBoverIP;IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [2014-10-15 394184]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-08-19 291032]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-03-19 651576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-06 134512]
S2 Dell Foundation Services;Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2016-01-15 119656]
S2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-03-16 237448]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03 107848]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-06-25 16232]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2015-07-13 209712]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-11-10 158496]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-11-10 409376]
S2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2014-03-07 65536]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-03-02 292832]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-06 134512]
S3 dcpm-notify;Dell Command | Power Manager Notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [2015-06-10 85216]
S3 Dell.CommandPowerManager.Service;Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe [2009-07-14 9728]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03 107848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-04-23 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-05-13 887256]
S3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25 178312]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 vssbrigde64;vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [2015-07-09 144640]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

Re: prosim o pomoc a kontrolu logu

Napsal: 04 čer 2016 10:29
od Rudy
Smazáno. Znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC. Nastala nějaká změna?
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz