PC virus removal, computer speed-up, remote help via the neslape.cz service
USB stick - location: cmd (C:\Windows\System32) ????
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
USB stick - location: cmd (C:\Windows\System32) ????
Hello, I have Win 7 Prof. The inserted USB stick reports the following: New Volume /K/. When I open it, the icons are displayed, but every single icon shows the file location as:
Location: cmd (C:/Windows/system32). When I delete the file, it comes back again.
It does this with both FAT32 and NTFS. When I connect a hard disk, everything is displayed correctly. I can't work out where the fault is. When I ran AdwCleaner, it found 81 threats! I had it clean them and the computer shut down (as if it were restarting); after starting up it reported that an unexpected shutdown had occurred. I ran AdwCleaner again and again there were 81 threats.
Thanks for any advice!
Re: USB stick - location: cmd (C:\Windows\System32) ????
Hi,
well, if it comes back even after reformatting the stick, then your PC must be infected.
Post an FRST log.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: USB stick - location: cmd (C:\Windows\System32) ????
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2017
Ran by Kamil (administrator) on KAMIL-PC (26-05-2017 16:49:09)
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Hagel Technologies Ltd) C:\Program Files\DU Meter\DUMeterSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Home Theater v4\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\Kamil\AppData\Roaming\skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Duality Software) C:\Program Files\DS Clock\dsclock.exe
(Hagel Technologies Ltd) C:\Program Files\DU Meter\DUMeter.exe
(© 2015 Microsoft Corporation) C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
() C:\Users\Kamil\AppData\Local\Temp\Chrome.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(svchost) C:\Users\Kamil\AppData\Roaming\svchost.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10807912 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Home Theater v4] => C:\Program Files\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2131856 2016-07-14] (AimerSoft)
HKLM\...\Run: [334fc1ca84202a37bea9b0d5c44d7119] => C:\Users\Kamil\AppData\Local\Temp\Chrome.exe .. [305152 2017-03-29] () <===== ATTENTION
HKLM\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs"
HKLM\...\Run: [b9bef0b2c7e7a3d4ec4ebdd0dac24a5e] => C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe .. [269824 2017-03-23] () <===== ATTENTION
HKLM\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKLM\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKLM\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKLM\...\Run: [380efc0a6172e4bd4d84b88e6c8fe787] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [640000 2017-03-29] (svchost)
HKLM\...\Run: [Launch_Manager] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\Launch_Manager.vbs"
HKLM\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKLM\...\Run: [tmp897A] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp897A.tmp.vbs"
HKLM\...\Run: [tmp8BF9] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp8BF9.tmp.vbs"
HKLM\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.sk/sk.special-uninstallation-fe ... sxLVRSTTMy (the data entry has 68 more characters).
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [DS Clock] => C:\Program Files\DS Clock\dsclock.exe [323584 2003-06-06] (Duality Software)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [2585360 2007-11-13] (Hagel Technologies Ltd)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [BingSvc] => C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Nektra OEAPI] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [334fc1ca84202a37bea9b0d5c44d7119] => C:\Users\Kamil\AppData\Local\Temp\Chrome.exe .. [305152 2017-03-29] () <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [b9bef0b2c7e7a3d4ec4ebdd0dac24a5e] => C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe .. [269824 2017-03-23] () <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [380efc0a6172e4bd4d84b88e6c8fe787] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [640000 2017-03-29] (svchost)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Launch_Manager] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\Launch_Manager.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp897A] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp897A.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp8BF9] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp8BF9.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\CurrentVersion\Windows: [Load] C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {1ef66738-8982-11e1-b4f6-50e549c82b33} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bee-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bf5-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac2d-8bc9-11e1-a4e2-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac47-8bc9-11e1-a4e2-50e549c82b33} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {e33bde52-a7dd-11e1-8e2a-50e549c82b33} - I:\NokiaPCIA_Autorun.exe
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\334fc1ca84202a37bea9b0d5c44d7119.exe [2017-03-29] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\380efc0a6172e4bd4d84b88e6c8fe787.exe [2017-03-29] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9bef0b2c7e7a3d4ec4ebdd0dac24a5e.exe [2017-03-23] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch_Manager.vbs [2017-03-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp453B.tmp.vbs [2017-05-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp897A.tmp.vbs [2017-05-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp8BF9.tmp.vbs [2017-05-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp9F3E.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpB731.tmp.vbs [2017-03-17] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpBE24.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2017-01-14] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7CE69006-A9F5-4F2A-9FC9-BA743A4AF9ED}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D620EBB2-40AB-4CB4-B107-5F6BCF8B53C0}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3867848799-1210266518-3605795662-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3867848799-1210266518-3605795662-1000 -> {0A6D159E-F157-4191-8DB8-0CF6D57C157D} URL = hxxp://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] ()
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] ()
Handler: WSKVAllmytubechrome - No CLSID Value -
FireFox:
========
FF DefaultProfile: ht3jbfth.default-1368257689736
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 [2017-05-26]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> Google
FF Homepage: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> hxxp://www.google.sk/
FF Keyword.URL: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-02-02]
FF Extension: (YouTube mp3) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\info@youtube-mp3.org.xpi [2017-01-03]
FF Extension: (Translate This!) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2017-01-03]
FF Extension: (Google™ Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2017-01-01]
FF Extension: (Translator Widget) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-Gz4hrxvpY3RFJw@jetpack.xpi [2017-02-20]
FF Extension: (S3.Google Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\s3google@translator.xpi [2017-02-20]
FF Extension: (Google Translator for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\translator@zoli.bod.xpi [2017-02-20]
FF Extension: (Walnut2 for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{080955ad-b8bb-4500-806f-d2b9ad73d72e}.xpi [2017-03-29]
FF Extension: (Walnut for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2017-01-05]
FF Extension: (Video DownloadHelper) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-24]
FF Extension: (Online Translator Toolbar) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}.xpi [2017-02-20]
FF Extension: (Flash and Video Download) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-03-01]
FF Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\searchplugins\bing-.xml [2016-12-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default [2017-05-26]
CHR Extension: (Internet Speed Test) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2017-04-24]
CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-18]
CHR Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-26]
CHR Extension: (Google Search) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-18]
CHR Extension: (Reklama blocker na Facebook ™) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgjckeibmdfndlflobjhddhmemajjld [2017-05-25]
CHR Extension: (uBlock Adblock Plus) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdecnmmdccnkogcidionikojplkjfgie [2017-04-23]
CHR Extension: (AdBlock) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-24]
CHR Extension: (Zoom) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2017-03-27]
CHR Extension: (Skype) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-08]
CHR Extension: (Kontrola pošty Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Hover Zoom+) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2017-04-23]
CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-25]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-03-01] (Atheros Commnucations) [File not signed]
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1382672 2007-10-15] (Hagel Technologies Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [931896 2016-06-15] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2905656 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2018360 2016-06-15] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2012-04-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2017-03-28] (Advanced Micro Devices Inc.)
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-01] (Atheros)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [43680 2011-03-01] (Windows (R) Win 7 DDK provider)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-01] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-01] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-01] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-01] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-01] (Atheros)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-03-28] (IVT Corporation.)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-01] (Atheros)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2017-03-28] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2017-03-28] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-03-12] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [171072 2016-10-06] (Prolific Technology Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2012-04-19] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [22728 2017-03-07] (SlimWare Utilities, Inc.)
R1 VD_FileDisk; C:\Windows\system32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2016-02-29] (Wondershare)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-26 16:49 - 2017-05-26 16:49 - 00030234 _____ C:\Users\Kamil\Desktop\FRST.txt
2017-05-26 16:48 - 2017-05-26 16:49 - 00000000 ____D C:\FRST
2017-05-26 16:47 - 2017-05-26 16:47 - 01770496 _____ (Farbar) C:\Users\Kamil\Desktop\FRST.exe
2017-05-26 06:01 - 2017-05-26 06:01 - 00248320 _____ C:\Windows\Minidump\052617-12214-01.dmp
2017-05-26 05:47 - 2017-05-26 05:47 - 00257008 _____ C:\Windows\Minidump\052617-13182-01.dmp
2017-05-26 05:30 - 2017-05-26 06:01 - 313762832 _____ C:\Windows\MEMORY.DMP
2017-05-26 05:30 - 2017-05-26 05:31 - 00276336 _____ C:\Windows\Minidump\052617-21481-01.dmp
2017-05-26 05:25 - 2017-05-26 05:58 - 00000000 ____D C:\AdwCleaner
2017-05-26 05:25 - 2017-05-26 05:25 - 04110280 _____ C:\Users\Kamil\Downloads\AdwCleaner.exe
2017-05-25 14:25 - 2017-05-25 14:25 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Google
2017-05-25 07:20 - 2017-05-25 07:21 - 03138176 _____ (ESET) C:\Users\Kamil\Downloads\eset_nod32_antivirus_live_installer(1).exe
2017-05-24 20:14 - 2017-05-24 20:15 - 03837542 _____ C:\Users\Kamil\Downloads\hc5450_80_pss_slksk.pdf
2017-05-24 20:14 - 2017-05-24 20:14 - 18970730 _____ C:\Users\Kamil\Downloads\hc5450_80_dfu_slk.pdf
2017-05-24 19:24 - 2017-05-24 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-24 19:24 - 2017-05-24 19:24 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-05-24 19:23 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-24 17:47 - 2017-05-24 17:47 - 00107528 _____ C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-05-24 17:44 - 2017-05-24 17:44 - 00107581 _____ C:\Users\Kamil\AppData\Roaming\tmp8BF9.tmp.vbs
2017-05-24 17:44 - 2017-05-24 17:44 - 00107581 _____ C:\Users\Kamil\AppData\Roaming\tmp897A.tmp.vbs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-26 16:49 - 2017-04-20 21:17 - 00009647 _____ C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-05-26 16:39 - 2016-12-05 17:12 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Skype
2017-05-26 16:39 - 2012-04-18 20:27 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job
2017-05-26 06:16 - 2017-04-25 14:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-05-26 06:09 - 2009-07-14 06:34 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-26 06:09 - 2009-07-14 06:34 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-26 06:06 - 2010-11-20 23:01 - 00008582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-26 06:01 - 2013-06-07 21:14 - 00000000 ____D C:\Windows\Minidump
2017-05-26 06:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-25 18:39 - 2012-04-18 20:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job
2017-05-25 15:33 - 2012-09-14 13:01 - 00000775 _____ C:\Users\Public\Desktop\Jewel Quest III.lnk
2017-05-24 19:38 - 2016-06-26 06:21 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\vlc
2017-05-24 19:24 - 2016-12-28 17:06 - 00000000 ___RD C:\Program Files\Skype
2017-05-24 19:24 - 2016-12-25 20:55 - 00002701 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-24 19:24 - 2016-12-05 17:12 - 00000000 ____D C:\ProgramData\Skype
2017-05-24 19:22 - 2017-03-21 17:41 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-24 18:18 - 2012-07-19 16:59 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-05-24 18:18 - 2012-07-19 16:59 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-24 18:18 - 2012-07-19 16:59 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-24 17:43 - 2017-03-12 20:58 - 00000000 ____D C:\ProgramData\IObit
2017-05-24 17:38 - 2017-03-28 17:19 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-24 17:28 - 2017-03-29 05:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2017-03-24 16:41 - 2017-03-24 16:41 - 0640000 _____ (svchost) C:\Users\Kamil\AppData\Roaming\Adobe Flash.exe
2017-03-24 16:49 - 2017-03-24 16:49 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\Launch_Manager.vbs
2017-04-20 21:17 - 2017-04-20 21:17 - 0302080 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe
2017-04-20 21:17 - 2017-05-26 16:49 - 0009647 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-03-24 16:41 - 2017-03-29 05:30 - 0640000 _____ (svchost) C:\Users\Kamil\AppData\Roaming\svchost.exe
2017-05-24 17:47 - 2017-05-24 17:47 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-05-24 17:44 - 2017-05-24 17:44 - 0107581 _____ () C:\Users\Kamil\AppData\Roaming\tmp897A.tmp.vbs
2017-05-24 17:44 - 2017-05-24 17:44 - 0107581 _____ () C:\Users\Kamil\AppData\Roaming\tmp8BF9.tmp.vbs
2017-03-17 16:53 - 2017-03-17 16:53 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs
2017-03-12 20:58 - 2017-01-14 16:00 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\windows.vbs
2015-10-27 19:05 - 2016-12-21 07:39 - 0057344 _____ () C:\Users\Kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-19 20:57 - 2015-06-19 20:57 - 0000986 _____ () C:\Users\Kamil\AppData\Local\recently-used.xbel
2016-07-22 17:35 - 2016-07-22 17:35 - 0000017 _____ () C:\Users\Kamil\AppData\Local\resmon.resmoncfg
2012-08-19 09:54 - 2012-08-19 09:55 - 0000202 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\Kamil\AppData\Local\Temp\Chrome.exe ..
C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe ..
Some files in TEMP:
====================
2017-03-29 05:30 - 2017-03-29 05:30 - 0305152 _____ () C:\Users\Kamil\AppData\Local\Temp\Chrome.exe
2017-05-24 19:20 - 2017-05-24 19:22 - 58128344 _____ (Skype Technologies S.A.) C:\Users\Kamil\AppData\Local\Temp\SkypeSetup.exe
2017-03-17 16:29 - 2017-03-23 05:55 - 0269824 ____N () C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe
2017-04-20 21:17 - 2017-04-20 21:17 - 0302080 _____ () C:\Users\Kamil\AppData\Local\Temp\tmpB99.tmp.exe
2017-05-24 19:22 - 2017-05-24 19:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-24 18:06
==================== End of FRST.txt ============================
Ran by Kamil (administrator) on KAMIL-PC (26-05-2017 16:49:09)
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Hagel Technologies Ltd) C:\Program Files\DU Meter\DUMeterSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Home Theater v4\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\Kamil\AppData\Roaming\skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Duality Software) C:\Program Files\DS Clock\dsclock.exe
(Hagel Technologies Ltd) C:\Program Files\DU Meter\DUMeter.exe
(© 2015 Microsoft Corporation) C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
() C:\Users\Kamil\AppData\Local\Temp\Chrome.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(svchost) C:\Users\Kamil\AppData\Roaming\svchost.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10807912 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Home Theater v4] => C:\Program Files\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2131856 2016-07-14] (AimerSoft)
HKLM\...\Run: [334fc1ca84202a37bea9b0d5c44d7119] => C:\Users\Kamil\AppData\Local\Temp\Chrome.exe .. [305152 2017-03-29] () <===== ATTENTION
HKLM\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs"
HKLM\...\Run: [b9bef0b2c7e7a3d4ec4ebdd0dac24a5e] => C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe .. [269824 2017-03-23] () <===== ATTENTION
HKLM\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKLM\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKLM\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKLM\...\Run: [380efc0a6172e4bd4d84b88e6c8fe787] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [640000 2017-03-29] (svchost)
HKLM\...\Run: [Launch_Manager] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\Launch_Manager.vbs"
HKLM\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKLM\...\Run: [tmp897A] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp897A.tmp.vbs"
HKLM\...\Run: [tmp8BF9] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp8BF9.tmp.vbs"
HKLM\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.sk/sk.special-uninstallation-fe ... sxLVRSTTMy (the data entry has 68 more characters).
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [DS Clock] => C:\Program Files\DS Clock\dsclock.exe [323584 2003-06-06] (Duality Software)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [2585360 2007-11-13] (Hagel Technologies Ltd)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [BingSvc] => C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Nektra OEAPI] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [334fc1ca84202a37bea9b0d5c44d7119] => C:\Users\Kamil\AppData\Local\Temp\Chrome.exe .. [305152 2017-03-29] () <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [b9bef0b2c7e7a3d4ec4ebdd0dac24a5e] => C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe .. [269824 2017-03-23] () <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [380efc0a6172e4bd4d84b88e6c8fe787] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [640000 2017-03-29] (svchost)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Launch_Manager] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\Launch_Manager.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp897A] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp897A.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp8BF9] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp8BF9.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\CurrentVersion\Windows: [Load] C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {1ef66738-8982-11e1-b4f6-50e549c82b33} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bee-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bf5-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac2d-8bc9-11e1-a4e2-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac47-8bc9-11e1-a4e2-50e549c82b33} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {e33bde52-a7dd-11e1-8e2a-50e549c82b33} - I:\NokiaPCIA_Autorun.exe
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\334fc1ca84202a37bea9b0d5c44d7119.exe [2017-03-29] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\380efc0a6172e4bd4d84b88e6c8fe787.exe [2017-03-29] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9bef0b2c7e7a3d4ec4ebdd0dac24a5e.exe [2017-03-23] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch_Manager.vbs [2017-03-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp453B.tmp.vbs [2017-05-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp897A.tmp.vbs [2017-05-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp8BF9.tmp.vbs [2017-05-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp9F3E.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpB731.tmp.vbs [2017-03-17] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpBE24.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2017-01-14] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7CE69006-A9F5-4F2A-9FC9-BA743A4AF9ED}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D620EBB2-40AB-4CB4-B107-5F6BCF8B53C0}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3867848799-1210266518-3605795662-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3867848799-1210266518-3605795662-1000 -> {0A6D159E-F157-4191-8DB8-0CF6D57C157D} URL = hxxp://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] ()
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] ()
Handler: WSKVAllmytubechrome - No CLSID Value -
FireFox:
========
FF DefaultProfile: ht3jbfth.default-1368257689736
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 [2017-05-26]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> Google
FF Homepage: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> hxxp://www.google.sk/
FF Keyword.URL: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-02-02]
FF Extension: (YouTube mp3) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\info@youtube-mp3.org.xpi [2017-01-03]
FF Extension: (Translate This!) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2017-01-03]
FF Extension: (Google™ Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2017-01-01]
FF Extension: (Translator Widget) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-Gz4hrxvpY3RFJw@jetpack.xpi [2017-02-20]
FF Extension: (S3.Google Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\s3google@translator.xpi [2017-02-20]
FF Extension: (Google Translator for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\translator@zoli.bod.xpi [2017-02-20]
FF Extension: (Walnut2 for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{080955ad-b8bb-4500-806f-d2b9ad73d72e}.xpi [2017-03-29]
FF Extension: (Walnut for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2017-01-05]
FF Extension: (Video DownloadHelper) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-24]
FF Extension: (Online Translator Toolbar) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}.xpi [2017-02-20]
FF Extension: (Flash and Video Download) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-03-01]
FF Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\searchplugins\bing-.xml [2016-12-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default [2017-05-26]
CHR Extension: (Internet Speed Test) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2017-04-24]
CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-18]
CHR Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-26]
CHR Extension: (Google Search) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-18]
CHR Extension: (Reklama blocker na Facebook ™) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgjckeibmdfndlflobjhddhmemajjld [2017-05-25]
CHR Extension: (uBlock Adblock Plus) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdecnmmdccnkogcidionikojplkjfgie [2017-04-23]
CHR Extension: (AdBlock) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-24]
CHR Extension: (Zoom) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2017-03-27]
CHR Extension: (Skype) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-08]
CHR Extension: (Kontrola pošty Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Hover Zoom+) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2017-04-23]
CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-25]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-03-01] (Atheros Commnucations) [File not signed]
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1382672 2007-10-15] (Hagel Technologies Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [931896 2016-06-15] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2905656 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2018360 2016-06-15] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2012-04-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2017-03-28] (Advanced Micro Devices Inc.)
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-01] (Atheros)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [43680 2011-03-01] (Windows (R) Win 7 DDK provider)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-01] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-01] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-01] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-01] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-01] (Atheros)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-03-28] (IVT Corporation.)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-01] (Atheros)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2017-03-28] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2017-03-28] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-03-12] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [171072 2016-10-06] (Prolific Technology Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2012-04-19] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [22728 2017-03-07] (SlimWare Utilities, Inc.)
R1 VD_FileDisk; C:\Windows\system32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2016-02-29] (Wondershare)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-26 16:49 - 2017-05-26 16:49 - 00030234 _____ C:\Users\Kamil\Desktop\FRST.txt
2017-05-26 16:48 - 2017-05-26 16:49 - 00000000 ____D C:\FRST
2017-05-26 16:47 - 2017-05-26 16:47 - 01770496 _____ (Farbar) C:\Users\Kamil\Desktop\FRST.exe
2017-05-26 06:01 - 2017-05-26 06:01 - 00248320 _____ C:\Windows\Minidump\052617-12214-01.dmp
2017-05-26 05:47 - 2017-05-26 05:47 - 00257008 _____ C:\Windows\Minidump\052617-13182-01.dmp
2017-05-26 05:30 - 2017-05-26 06:01 - 313762832 _____ C:\Windows\MEMORY.DMP
2017-05-26 05:30 - 2017-05-26 05:31 - 00276336 _____ C:\Windows\Minidump\052617-21481-01.dmp
2017-05-26 05:25 - 2017-05-26 05:58 - 00000000 ____D C:\AdwCleaner
2017-05-26 05:25 - 2017-05-26 05:25 - 04110280 _____ C:\Users\Kamil\Downloads\AdwCleaner.exe
2017-05-25 14:25 - 2017-05-25 14:25 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Google
2017-05-25 07:20 - 2017-05-25 07:21 - 03138176 _____ (ESET) C:\Users\Kamil\Downloads\eset_nod32_antivirus_live_installer(1).exe
2017-05-24 20:14 - 2017-05-24 20:15 - 03837542 _____ C:\Users\Kamil\Downloads\hc5450_80_pss_slksk.pdf
2017-05-24 20:14 - 2017-05-24 20:14 - 18970730 _____ C:\Users\Kamil\Downloads\hc5450_80_dfu_slk.pdf
2017-05-24 19:24 - 2017-05-24 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-24 19:24 - 2017-05-24 19:24 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-05-24 19:23 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-24 19:23 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-24 17:47 - 2017-05-24 17:47 - 00107528 _____ C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-05-24 17:44 - 2017-05-24 17:44 - 00107581 _____ C:\Users\Kamil\AppData\Roaming\tmp8BF9.tmp.vbs
2017-05-24 17:44 - 2017-05-24 17:44 - 00107581 _____ C:\Users\Kamil\AppData\Roaming\tmp897A.tmp.vbs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-26 16:49 - 2017-04-20 21:17 - 00009647 _____ C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-05-26 16:39 - 2016-12-05 17:12 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Skype
2017-05-26 16:39 - 2012-04-18 20:27 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job
2017-05-26 06:16 - 2017-04-25 14:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-05-26 06:09 - 2009-07-14 06:34 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-26 06:09 - 2009-07-14 06:34 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-26 06:06 - 2010-11-20 23:01 - 00008582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-26 06:01 - 2013-06-07 21:14 - 00000000 ____D C:\Windows\Minidump
2017-05-26 06:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-25 18:39 - 2012-04-18 20:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job
2017-05-25 15:33 - 2012-09-14 13:01 - 00000775 _____ C:\Users\Public\Desktop\Jewel Quest III.lnk
2017-05-24 19:38 - 2016-06-26 06:21 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\vlc
2017-05-24 19:24 - 2016-12-28 17:06 - 00000000 ___RD C:\Program Files\Skype
2017-05-24 19:24 - 2016-12-25 20:55 - 00002701 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-24 19:24 - 2016-12-05 17:12 - 00000000 ____D C:\ProgramData\Skype
2017-05-24 19:22 - 2017-03-21 17:41 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-24 18:18 - 2012-07-19 16:59 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-05-24 18:18 - 2012-07-19 16:59 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-24 18:18 - 2012-07-19 16:59 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-24 17:43 - 2017-03-12 20:58 - 00000000 ____D C:\ProgramData\IObit
2017-05-24 17:38 - 2017-03-28 17:19 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-24 17:28 - 2017-03-29 05:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2017-03-24 16:41 - 2017-03-24 16:41 - 0640000 _____ (svchost) C:\Users\Kamil\AppData\Roaming\Adobe Flash.exe
2017-03-24 16:49 - 2017-03-24 16:49 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\Launch_Manager.vbs
2017-04-20 21:17 - 2017-04-20 21:17 - 0302080 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe
2017-04-20 21:17 - 2017-05-26 16:49 - 0009647 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-03-24 16:41 - 2017-03-29 05:30 - 0640000 _____ (svchost) C:\Users\Kamil\AppData\Roaming\svchost.exe
2017-05-24 17:47 - 2017-05-24 17:47 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-05-24 17:44 - 2017-05-24 17:44 - 0107581 _____ () C:\Users\Kamil\AppData\Roaming\tmp897A.tmp.vbs
2017-05-24 17:44 - 2017-05-24 17:44 - 0107581 _____ () C:\Users\Kamil\AppData\Roaming\tmp8BF9.tmp.vbs
2017-03-17 16:53 - 2017-03-17 16:53 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs
2017-03-12 20:58 - 2017-01-14 16:00 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\windows.vbs
2015-10-27 19:05 - 2016-12-21 07:39 - 0057344 _____ () C:\Users\Kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-19 20:57 - 2015-06-19 20:57 - 0000986 _____ () C:\Users\Kamil\AppData\Local\recently-used.xbel
2016-07-22 17:35 - 2016-07-22 17:35 - 0000017 _____ () C:\Users\Kamil\AppData\Local\resmon.resmoncfg
2012-08-19 09:54 - 2012-08-19 09:55 - 0000202 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\Kamil\AppData\Local\Temp\Chrome.exe ..
C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe ..
Some files in TEMP:
====================
2017-03-29 05:30 - 2017-03-29 05:30 - 0305152 _____ () C:\Users\Kamil\AppData\Local\Temp\Chrome.exe
2017-05-24 19:20 - 2017-05-24 19:22 - 58128344 _____ (Skype Technologies S.A.) C:\Users\Kamil\AppData\Local\Temp\SkypeSetup.exe
2017-03-17 16:29 - 2017-03-23 05:55 - 0269824 ____N () C:\Users\Kamil\AppData\Local\Temp\taskmgr.exe
2017-04-20 21:17 - 2017-04-20 21:17 - 0302080 _____ () C:\Users\Kamil\AppData\Local\Temp\tmpB99.tmp.exe
2017-05-24 19:22 - 2017-05-24 19:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-24 18:06
==================== End of FRST.txt ============================
Re: USB KLUC - location: cmd (C:\Windows\System32) ????
Hello, something similar: https://forum.avast.com/index.php?topic=138715.0
Re: USB KLUC - location: cmd (C:\Windows\System32) ????
It's cr***** up right to the ceiling
Clean the PC with CureIT https://forum.viry.cz/viewtopic.php?f=29&t=151000
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum https://platba.viry.cz/payment/
Re: USB KLUC - location: cmd (C:\Windows\System32) ????
Hello, I ran CureIt and it found 19 threats. I started the cure and it brought Windows down completely; then it came back up and a message followed saying that Windows had been shut down prematurely! The same thing happened when I used AdwCleaner. I don't know how to proceed....
Re: USB KLUC - location: cmd (C:\Windows\System32) ????
Try repeating the cure with CureIT with the PC in Safe Mode
Re: USB KLUC - location: cmd (C:\Windows\System32) ????
I ran it in Safe Mode; of the 19 threats I managed to delete 17, and 2 threats it would not delete.
Re: USB KLUC - location: cmd (C:\Windows\System32) ????
Hello, I downloaded Dr.Web; the scan found 81 threats, I ran the cure - everything OK. The Dr.Web CureIt scan shows 0 threats.
Re: USB KLUC - location: cmd (C:\Windows\System32) ????
Great
Clean the PC with CCleaner, including the registry
Restart the PC
Clean the PC with AdwCleaner; if it won't run in normal mode, then in Safe Mode
Install MSIE11
Post the FRST log, we'll finish the cleanup tomorrow
Re: USB KLUC - location: cmd (C:\Windows\System32) ????
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kamil at 2017-05-29 09:04:16
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 49 GB (45%) free of 110 GB
Total RAM: 3069 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:05:11, on 29. 5. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwantispam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Dolby Home Theater v4\pcee4.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Program Files\DrWeb\spideragent.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe
C:\Program Files\DrWeb\tips.exe
C:\Windows\system32\taskeng.exe
C:\Users\Kamil\Desktop\RSIT.exe
C:\Program Files\trend micro\Kamil.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKLM\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKLM\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKLM\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKLM\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKLM\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKLM\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\spideragent.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.sk/sk.special-uninstalla ... =10.0.1432
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKCU\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKCU\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKCU\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKCU\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKCU\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKCU\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 8424898cc4c927994d288319a361b825.exe
O4 - Startup: Launch_Manager.vbs
O4 - Startup: tmp453B.tmp.vbs
O4 - Startup: tmp9F3E.tmp.vbs
O4 - Startup: tmpB731.tmp.vbs
O4 - Startup: tmpBE24.tmp.vbs
O4 - Startup: windows.vbs
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: WSKVAllmytubechrome - (no CLSID) - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: Dr.Web Control Service (DrWebAVService) - Doctor Web, Ltd. - C:\Program Files\DrWeb\dwservice.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: Dr.Web Net Filtering Service (DrWebNetFilter) - Doctor Web, Ltd. - C:\Program Files\DrWeb\dwnetfilter.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 10589 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job - C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job - C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SK216DF&PC=SK216&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\searchplugins\
bing-.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29 798771]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01 60576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29 798771]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-08-09 10807912]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [2011-08-09 1571432]
"Dolby Home Theater v4"=C:\Program Files\Dolby Home Theater v4\pcee4.exe [2011-06-01 506712]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"ShadowPlay"=C:\Windows\system32\nvspcap.dll [2016-06-15 1377984]
"Aimersoft Helper Compact.exe"=C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2016-07-14 2131856]
"tmpB731"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs []
"Microsoft Office"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs []
"javaupdate"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs []
"tmp9F3E"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs []
"tmpBE24"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs []
"8424898cc4c927994d288319a361b825"=C:\Users\Kamil\AppData\Roaming\skype.exe [2017-04-20 302080]
"tmp453B"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs []
"SpIDerAgent"=C:\Program Files\DrWeb\spideragent.exe [2017-05-28 17992432]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.sk/sk.special-uninstalla ... =10.0.1432 []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DS Clock"=C:\Program Files\DS Clock\dsclock.exe [2003-06-06 323584]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]
""= []
"BingSvc"=C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05 144008]
"Nektra OEAPI"= []
"OEXPRESS"= []
"tmpB731"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs []
"Microsoft Office"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs []
"javaupdate"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs []
"tmp9F3E"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs []
"tmpBE24"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs []
"8424898cc4c927994d288319a361b825"=C:\Users\Kamil\AppData\Roaming\skype.exe [2017-04-20 302080]
"tmp453B"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2017-05-04 27716568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25 1162360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files\Bluetooth Suite\AthBtTray.exe [2011-03-01 302240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
C:\Program Files\Bluetooth Suite\BtvStack.exe [2011-03-01 490656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-06-16 2736128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [2009-05-26 651264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-12-21 1090040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
8424898cc4c927994d288319a361b825.exe
Launch_Manager.vbs
tmp453B.tmp.vbs
tmp9F3E.tmp.vbs
tmpB731.tmp.vbs
tmpBE24.tmp.vbs
windows.vbs
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebEngine]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DrWebEngine]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"midi7"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2017-05-28 14:36:47 ----D---- C:\rsit
2017-05-28 14:36:47 ----D---- C:\Program Files\trend micro
2017-05-28 08:42:57 ----D---- C:\Program Files\Common Files\Skype
2017-05-28 07:17:43 ----HD---- C:\DrWeb Archive
2017-05-28 07:16:52 ----SHD---- C:\DrWeb Quarantine
2017-05-28 07:13:31 ----A---- C:\Windows\system32\drivers\dwsguard32.dll
2017-05-28 07:13:31 ----A---- C:\Windows\system32\drivers\dwprot.sys
2017-05-28 07:13:30 ----A---- C:\Windows\system32\drivers\dwdg.sys
2017-05-28 07:13:30 ----A---- C:\Windows\system32\drivers\dw_wfp.sys
2017-05-28 07:13:23 ----A---- C:\Windows\system32\drivers\spiderg3.sys
2017-05-28 07:12:49 ----D---- C:\Program Files\Common Files\AV
2017-05-28 07:12:48 ----D---- C:\Program Files\Common Files\Doctor Web
2017-05-28 07:12:21 ----D---- C:\Program Files\DrWeb
2017-05-28 07:09:47 ----D---- C:\ProgramData\Doctor Web
2017-05-27 09:42:55 ----A---- C:\Windows\system32\ucrtbase.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-27 09:42:28 ----A---- C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-05-26 19:26:45 ----D---- C:\ProgramData\ESET
2017-05-26 19:26:45 ----D---- C:\Program Files\ESET
2017-05-26 16:48:17 ----D---- C:\FRST
2017-05-26 05:25:19 ----D---- C:\AdwCleaner
2017-05-25 14:25:00 ----D---- C:\Users\Kamil\AppData\Roaming\Google
2017-05-24 17:47:09 ----A---- C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
======List of files/folders modified in the last 1 month======
2017-05-29 09:03:09 ----D---- C:\Windows\Prefetch
2017-05-29 08:57:32 ----D---- C:\Windows\Temp
2017-05-29 08:38:05 ----D---- C:\Users\Kamil\AppData\Roaming\Skype
2017-05-28 16:40:47 ----D---- C:\Windows\System32
2017-05-28 16:40:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-05-28 15:40:05 ----SHD---- C:\System Volume Information
2017-05-28 15:36:19 ----D---- C:\Windows\system32\config
2017-05-28 14:59:40 ----D---- C:\Windows\inf
2017-05-28 14:36:47 ----RD---- C:\Program Files
2017-05-28 14:26:18 ----HD---- C:\ProgramData
2017-05-28 14:26:18 ----D---- C:\Windows\system32\drivers
2017-05-28 14:17:37 ----D---- C:\Windows
2017-05-28 14:15:16 ----D---- C:\Windows\Minidump
2017-05-28 10:53:45 ----D---- C:\Users\Kamil\AppData\Roaming\vlc
2017-05-28 08:43:01 ----SHD---- C:\Windows\Installer
2017-05-28 08:43:01 ----D---- C:\ProgramData\Skype
2017-05-28 08:42:57 ----RD---- C:\Program Files\Skype
2017-05-28 08:42:57 ----D---- C:\Program Files\Common Files
2017-05-28 07:20:05 ----SD---- C:\ProgramData\Microsoft
2017-05-28 07:13:34 ----D---- C:\Windows\system32\Tasks
2017-05-27 10:35:59 ----D---- C:\Windows\Tasks
2017-05-27 10:35:59 ----D---- C:\Windows\system32\wfp
2017-05-27 10:35:59 ----D---- C:\Windows\system32\wbem
2017-05-27 10:35:59 ----D---- C:\Windows\system32\DriverStore
2017-05-27 10:35:59 ----D---- C:\Windows\system32\CodeIntegrity
2017-05-27 10:35:59 ----D---- C:\Windows\system32\catroot2
2017-05-27 10:35:59 ----D---- C:\Windows\AppCompat
2017-05-27 10:35:57 ----D---- C:\Program Files\TC UP
2017-05-27 10:35:36 ----D---- C:\Windows\registration
2017-05-27 10:33:48 ----D---- C:\Windows\system32\LogFiles
2017-05-27 10:33:12 ----D---- C:\Windows\winsxs
2017-05-27 09:43:00 ----D---- C:\Windows\system32\catroot
2017-05-24 19:22:36 ----D---- C:\ProgramData\Package Cache
2017-05-24 18:18:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-05-24 18:18:08 ----D---- C:\Windows\system32\Macromed
2017-05-24 17:43:35 ----D---- C:\ProgramData\IObit
2017-05-24 17:28:28 ----D---- C:\Program Files\Mozilla Maintenance Service
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DwDevGuard;Dr.Web Device Guard; C:\Windows\system32\drivers\dwdg.sys [2017-05-28 166384]
R0 DwProt;DrWeb Protection; C:\Windows\system32\drivers\dwprot.sys [2017-05-28 403848]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SpiderG3;DrWeb file system scanner; C:\Windows\system32\drivers\spiderg3.sys [2017-05-28 252120]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 DrWebWfp;DrWebWfp; C:\Windows\system32\drivers\dw_wfp.sys [2017-05-28 135816]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO32.SYS [2017-03-12 23840]
R1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 npf;NetGroup Packet Filter Driver; \??\C:\Windows\system32\drivers\npf.sys [2015-08-21 36600]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2017-03-28 51328]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2017-03-28 71552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-08-12 3645160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2015-07-25 171352]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 27704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2016-04-14 50744]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2017-03-28 783360]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2015-04-30 20256]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-04-19 685816]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2011-03-01 43680]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2017-03-28 47504]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-02-28 92032]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-11-16 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-11-16 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-11-16 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-11-16 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 Ser2plx86;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2016-10-06 171072]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2017-05-27 35064]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-11-16 8192]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-11-16 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-04-25 83056]
R2 AtherosSvc;AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DrWebAVService;Dr.Web Control Service; C:\Program Files\DrWeb\dwservice.exe [2017-05-28 11644832]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-06-15 931896]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-06-16 73728]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-06-15 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2018360]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-07-23 671048]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-04-19 66872]
R3 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2017-05-28 2177488]
R3 DrWebNetFilter;Dr.Web Net Filtering Service; C:\Program Files\DrWeb\dwnetfilter.exe [2017-05-28 5085144]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-15 2905656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-28 153752]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2017-04-05 317400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-24 271864]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-09 46528]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-28 153752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-25 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
-----------------EOF-----------------
Run by Kamil at 2017-05-29 09:04:16
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 49 GB (45%) free of 110 GB
Total RAM: 3069 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:05:11, on 29. 5. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwantispam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Dolby Home Theater v4\pcee4.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Program Files\DrWeb\spideragent.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe
C:\Program Files\DrWeb\tips.exe
C:\Windows\system32\taskeng.exe
C:\Users\Kamil\Desktop\RSIT.exe
C:\Program Files\trend micro\Kamil.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKLM\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKLM\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKLM\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKLM\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKLM\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKLM\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\spideragent.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.sk/sk.special-uninstalla ... =10.0.1432
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKCU\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKCU\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKCU\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKCU\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKCU\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKCU\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 8424898cc4c927994d288319a361b825.exe
O4 - Startup: Launch_Manager.vbs
O4 - Startup: tmp453B.tmp.vbs
O4 - Startup: tmp9F3E.tmp.vbs
O4 - Startup: tmpB731.tmp.vbs
O4 - Startup: tmpBE24.tmp.vbs
O4 - Startup: windows.vbs
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: WSKVAllmytubechrome - (no CLSID) - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: Dr.Web Control Service (DrWebAVService) - Doctor Web, Ltd. - C:\Program Files\DrWeb\dwservice.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: Dr.Web Net Filtering Service (DrWebNetFilter) - Doctor Web, Ltd. - C:\Program Files\DrWeb\dwnetfilter.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 10589 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job - C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job - C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SK216DF&PC=SK216&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\searchplugins\
bing-.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29 798771]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01 60576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29 798771]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-08-09 10807912]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [2011-08-09 1571432]
"Dolby Home Theater v4"=C:\Program Files\Dolby Home Theater v4\pcee4.exe [2011-06-01 506712]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"ShadowPlay"=C:\Windows\system32\nvspcap.dll [2016-06-15 1377984]
"Aimersoft Helper Compact.exe"=C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2016-07-14 2131856]
"tmpB731"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs []
"Microsoft Office"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs []
"javaupdate"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs []
"tmp9F3E"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs []
"tmpBE24"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs []
"8424898cc4c927994d288319a361b825"=C:\Users\Kamil\AppData\Roaming\skype.exe [2017-04-20 302080]
"tmp453B"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs []
"SpIDerAgent"=C:\Program Files\DrWeb\spideragent.exe [2017-05-28 17992432]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.sk/sk.special-uninstalla ... =10.0.1432 []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DS Clock"=C:\Program Files\DS Clock\dsclock.exe [2003-06-06 323584]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]
""= []
"BingSvc"=C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05 144008]
"Nektra OEAPI"= []
"OEXPRESS"= []
"tmpB731"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs []
"Microsoft Office"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs []
"javaupdate"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs []
"tmp9F3E"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs []
"tmpBE24"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs []
"8424898cc4c927994d288319a361b825"=C:\Users\Kamil\AppData\Roaming\skype.exe [2017-04-20 302080]
"tmp453B"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2017-05-04 27716568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25 1162360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files\Bluetooth Suite\AthBtTray.exe [2011-03-01 302240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
C:\Program Files\Bluetooth Suite\BtvStack.exe [2011-03-01 490656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-06-16 2736128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [2009-05-26 651264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-12-21 1090040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
8424898cc4c927994d288319a361b825.exe
Launch_Manager.vbs
tmp453B.tmp.vbs
tmp9F3E.tmp.vbs
tmpB731.tmp.vbs
tmpBE24.tmp.vbs
windows.vbs
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebEngine]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DrWebEngine]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"midi7"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2017-05-28 14:36:47 ----D---- C:\rsit
2017-05-28 14:36:47 ----D---- C:\Program Files\trend micro
2017-05-28 08:42:57 ----D---- C:\Program Files\Common Files\Skype
2017-05-28 07:17:43 ----HD---- C:\DrWeb Archive
2017-05-28 07:16:52 ----SHD---- C:\DrWeb Quarantine
2017-05-28 07:13:31 ----A---- C:\Windows\system32\drivers\dwsguard32.dll
2017-05-28 07:13:31 ----A---- C:\Windows\system32\drivers\dwprot.sys
2017-05-28 07:13:30 ----A---- C:\Windows\system32\drivers\dwdg.sys
2017-05-28 07:13:30 ----A---- C:\Windows\system32\drivers\dw_wfp.sys
2017-05-28 07:13:23 ----A---- C:\Windows\system32\drivers\spiderg3.sys
2017-05-28 07:12:49 ----D---- C:\Program Files\Common Files\AV
2017-05-28 07:12:48 ----D---- C:\Program Files\Common Files\Doctor Web
2017-05-28 07:12:21 ----D---- C:\Program Files\DrWeb
2017-05-28 07:09:47 ----D---- C:\ProgramData\Doctor Web
2017-05-27 09:42:55 ----A---- C:\Windows\system32\ucrtbase.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-27 09:42:28 ----A---- C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-05-26 19:26:45 ----D---- C:\ProgramData\ESET
2017-05-26 19:26:45 ----D---- C:\Program Files\ESET
2017-05-26 16:48:17 ----D---- C:\FRST
2017-05-26 05:25:19 ----D---- C:\AdwCleaner
2017-05-25 14:25:00 ----D---- C:\Users\Kamil\AppData\Roaming\Google
2017-05-24 17:47:09 ----A---- C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
======List of files/folders modified in the last 1 month======
2017-05-29 09:03:09 ----D---- C:\Windows\Prefetch
2017-05-29 08:57:32 ----D---- C:\Windows\Temp
2017-05-29 08:38:05 ----D---- C:\Users\Kamil\AppData\Roaming\Skype
2017-05-28 16:40:47 ----D---- C:\Windows\System32
2017-05-28 16:40:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-05-28 15:40:05 ----SHD---- C:\System Volume Information
2017-05-28 15:36:19 ----D---- C:\Windows\system32\config
2017-05-28 14:59:40 ----D---- C:\Windows\inf
2017-05-28 14:36:47 ----RD---- C:\Program Files
2017-05-28 14:26:18 ----HD---- C:\ProgramData
2017-05-28 14:26:18 ----D---- C:\Windows\system32\drivers
2017-05-28 14:17:37 ----D---- C:\Windows
2017-05-28 14:15:16 ----D---- C:\Windows\Minidump
2017-05-28 10:53:45 ----D---- C:\Users\Kamil\AppData\Roaming\vlc
2017-05-28 08:43:01 ----SHD---- C:\Windows\Installer
2017-05-28 08:43:01 ----D---- C:\ProgramData\Skype
2017-05-28 08:42:57 ----RD---- C:\Program Files\Skype
2017-05-28 08:42:57 ----D---- C:\Program Files\Common Files
2017-05-28 07:20:05 ----SD---- C:\ProgramData\Microsoft
2017-05-28 07:13:34 ----D---- C:\Windows\system32\Tasks
2017-05-27 10:35:59 ----D---- C:\Windows\Tasks
2017-05-27 10:35:59 ----D---- C:\Windows\system32\wfp
2017-05-27 10:35:59 ----D---- C:\Windows\system32\wbem
2017-05-27 10:35:59 ----D---- C:\Windows\system32\DriverStore
2017-05-27 10:35:59 ----D---- C:\Windows\system32\CodeIntegrity
2017-05-27 10:35:59 ----D---- C:\Windows\system32\catroot2
2017-05-27 10:35:59 ----D---- C:\Windows\AppCompat
2017-05-27 10:35:57 ----D---- C:\Program Files\TC UP
2017-05-27 10:35:36 ----D---- C:\Windows\registration
2017-05-27 10:33:48 ----D---- C:\Windows\system32\LogFiles
2017-05-27 10:33:12 ----D---- C:\Windows\winsxs
2017-05-27 09:43:00 ----D---- C:\Windows\system32\catroot
2017-05-24 19:22:36 ----D---- C:\ProgramData\Package Cache
2017-05-24 18:18:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-05-24 18:18:08 ----D---- C:\Windows\system32\Macromed
2017-05-24 17:43:35 ----D---- C:\ProgramData\IObit
2017-05-24 17:28:28 ----D---- C:\Program Files\Mozilla Maintenance Service
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DwDevGuard;Dr.Web Device Guard; C:\Windows\system32\drivers\dwdg.sys [2017-05-28 166384]
R0 DwProt;DrWeb Protection; C:\Windows\system32\drivers\dwprot.sys [2017-05-28 403848]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SpiderG3;DrWeb file system scanner; C:\Windows\system32\drivers\spiderg3.sys [2017-05-28 252120]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 DrWebWfp;DrWebWfp; C:\Windows\system32\drivers\dw_wfp.sys [2017-05-28 135816]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO32.SYS [2017-03-12 23840]
R1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 npf;NetGroup Packet Filter Driver; \??\C:\Windows\system32\drivers\npf.sys [2015-08-21 36600]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2017-03-28 51328]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2017-03-28 71552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-08-12 3645160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2015-07-25 171352]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 27704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2016-04-14 50744]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2017-03-28 783360]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2015-04-30 20256]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-04-19 685816]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2011-03-01 43680]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2017-03-28 47504]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-02-28 92032]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-11-16 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-11-16 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-11-16 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-11-16 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 Ser2plx86;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2016-10-06 171072]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2017-05-27 35064]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-11-16 8192]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-11-16 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-04-25 83056]
R2 AtherosSvc;AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DrWebAVService;Dr.Web Control Service; C:\Program Files\DrWeb\dwservice.exe [2017-05-28 11644832]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-06-15 931896]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-06-16 73728]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-06-15 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2018360]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-07-23 671048]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-04-19 66872]
R3 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2017-05-28 2177488]
R3 DrWebNetFilter;Dr.Web Net Filtering Service; C:\Program Files\DrWeb\dwnetfilter.exe [2017-05-28 5085144]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-15 2905656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-28 153752]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2017-04-05 317400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-24 271864]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-09 46528]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-28 153752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-25 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
-----------------EOF-----------------
Re: USB key - location: cmd (C:\Windows\System32) ????
How can we disinfect it when you don't read what I write?
You were supposed to install MSIE11 and post the FRST log.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: USB key - location: cmd (C:\Windows\System32) ????
Mea culpa, I apologize! I am away from home for about three weeks now; I will do what is needed when I get back home.
Re: USB key - location: cmd (C:\Windows\System32) ????
No problem, send me a PM afterwards.
Re: USB key - location: cmd (C:\Windows\System32) ????
Hello,
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kamil at 2017-06-21 19:21:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 32 GB (29%) free of 110 GB
Total RAM: 3069 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:21:47, on 21. 6. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Dolby Home Theater v4\pcee4.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Windows\System32\wscript.exe
C:\Users\Kamil\AppData\Roaming\skype.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skype\Browser\SkypeBrowserHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kamil\Downloads\RSIT.exe
C:\Program Files\trend micro\Kamil.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKLM\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKLM\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKLM\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKLM\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKLM\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKLM\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.sk/sk.special-uninstalla ... =10.0.1432
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKCU\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKCU\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKCU\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKCU\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKCU\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKCU\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 8424898cc4c927994d288319a361b825.exe
O4 - Startup: Launch_Manager.vbs
O4 - Startup: tmp453B.tmp.vbs
O4 - Startup: tmp9F3E.tmp.vbs
O4 - Startup: tmpB731.tmp.vbs
O4 - Startup: tmpBE24.tmp.vbs
O4 - Startup: windows.vbs
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: WSKVAllmytubechrome - (no CLSID) - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 9959 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job - C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job - C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SK216DF&PC=SK216&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\searchplugins\
bing-.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29 798771]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01 60576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29 798771]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-08-09 10807912]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [2011-08-09 1571432]
"Dolby Home Theater v4"=C:\Program Files\Dolby Home Theater v4\pcee4.exe [2011-06-01 506712]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"ShadowPlay"=C:\Windows\system32\nvspcap.dll [2016-06-15 1377984]
"Aimersoft Helper Compact.exe"=C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2016-07-14 2131856]
"tmpB731"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs []
"Microsoft Office"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs []
"javaupdate"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs []
"tmp9F3E"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs []
"tmpBE24"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs []
"8424898cc4c927994d288319a361b825"=C:\Users\Kamil\AppData\Roaming\skype.exe [2017-04-20 302080]
"tmp453B"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.sk/sk.special-uninstalla ... =10.0.1432 []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DS Clock"=C:\Program Files\DS Clock\dsclock.exe [2003-06-06 323584]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]
""= []
"BingSvc"=C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05 144008]
"Nektra OEAPI"= []
"OEXPRESS"= []
"tmpB731"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs []
"Microsoft Office"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs []
"javaupdate"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs []
"tmp9F3E"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs []
"tmpBE24"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs []
"8424898cc4c927994d288319a361b825"=C:\Users\Kamil\AppData\Roaming\skype.exe [2017-04-20 302080]
"tmp453B"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2017-05-04 27716568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25 1162360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files\Bluetooth Suite\AthBtTray.exe [2011-03-01 302240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
C:\Program Files\Bluetooth Suite\BtvStack.exe [2011-03-01 490656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-06-16 2736128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [2009-05-26 651264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-12-21 1090040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
8424898cc4c927994d288319a361b825.exe
Launch_Manager.vbs
tmp453B.tmp.vbs
tmp9F3E.tmp.vbs
tmpB731.tmp.vbs
tmpBE24.tmp.vbs
windows.vbs
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"midi7"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2017-06-21 18:13:46 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-21 18:13:46 ----A---- C:\Windows\system32\elshyph.dll
2017-06-21 18:13:44 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2017-06-21 18:13:44 ----A---- C:\Windows\system32\msls31.dll
2017-06-21 18:13:44 ----A---- C:\Windows\system32\jsIntl.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\wininet.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\urlmon.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\msrating.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\jsproxy.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\iertutil.dll
2017-06-21 18:13:42 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-21 18:13:42 ----A---- C:\Windows\system32\dxtrans.dll
2017-06-21 18:13:42 ----A---- C:\Windows\system32\dxtmsft.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\url.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\iesetup.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\iernonce.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\ieapfltr.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\ieapfltr.dat
2017-06-21 18:13:41 ----A---- C:\Windows\system32\ie4uinit.exe
2017-06-21 18:13:41 ----A---- C:\Windows\system32\icardie.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\webcheck.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\mshtmled.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\licmgr10.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\inseng.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\iedkcs32.dll
2017-06-21 18:13:39 ----A---- C:\Windows\system32\wextract.exe
2017-06-21 18:13:39 ----A---- C:\Windows\system32\vbscript.dll
2017-06-21 18:13:39 ----A---- C:\Windows\system32\msfeeds.dll
2017-06-21 18:13:39 ----A---- C:\Windows\system32\iexpress.exe
2017-06-21 18:13:38 ----A---- C:\Windows\system32\mshtml.dll
2017-06-21 18:13:37 ----A---- C:\Windows\system32\pngfilt.dll
2017-06-21 18:13:37 ----A---- C:\Windows\system32\occache.dll
2017-06-21 18:13:37 ----A---- C:\Windows\system32\mshta.exe
2017-06-21 18:13:37 ----A---- C:\Windows\system32\ieUnatt.exe
2017-06-21 18:13:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\jscript.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\imgutil.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\iepeers.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-06-21 18:13:35 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2017-06-21 18:13:35 ----A---- C:\Windows\system32\msfeedssync.exe
2017-06-21 18:13:35 ----A---- C:\Windows\system32\msfeedsbs.dll
2017-06-21 18:13:35 ----A---- C:\Windows\system32\jscript9diag.dll
2017-06-21 18:13:35 ----A---- C:\Windows\system32\IEAdvpack.dll
2017-06-21 18:13:34 ----A---- C:\Windows\system32\mshtmler.dll
2017-06-21 18:13:34 ----A---- C:\Windows\system32\jscript9.dll
2017-06-21 18:13:34 ----A---- C:\Windows\system32\ieui.dll
2017-06-21 18:13:34 ----A---- C:\Windows\system32\iesysprep.dll
2017-06-21 18:13:33 ----A---- C:\Windows\system32\ieframe.dll
2017-06-21 18:13:09 ----A---- C:\Windows\system32\tdh.dll
2017-06-21 18:13:09 ----A---- C:\Windows\system32\smss.exe
2017-06-21 18:13:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2017-06-21 18:13:09 ----A---- C:\Windows\system32\ntdll.dll
2017-06-21 18:13:09 ----A---- C:\Windows\system32\advapi32.dll
2017-06-21 18:13:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-06-21 18:13:08 ----A---- C:\Windows\system32\csrsrv.dll
2017-06-21 18:13:00 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-06-21 18:13:00 ----A---- C:\Windows\system32\drivers\netio.sys
2017-06-21 18:13:00 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-06-21 18:12:59 ----A---- C:\Windows\system32\mswsock.dll
2017-06-21 18:12:59 ----A---- C:\Windows\system32\drivers\afd.sys
2017-06-21 18:12:53 ----A---- C:\Windows\system32\taskhost.exe
2017-06-21 18:12:40 ----A---- C:\Windows\system32\winsrv.dll
2017-06-21 18:12:40 ----A---- C:\Windows\system32\kernel32.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-21 18:12:39 ----A---- C:\Windows\system32\KernelBase.dll
2017-06-21 18:12:39 ----A---- C:\Windows\system32\conhost.exe
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-21 18:12:09 ----A---- C:\Windows\system32\d3d11.dll
2017-05-28 14:36:47 ----D---- C:\rsit
2017-05-28 14:36:47 ----D---- C:\Program Files\trend micro
2017-05-28 08:42:57 ----D---- C:\Program Files\Common Files\Skype
2017-05-28 07:17:43 ----HD---- C:\DrWeb Archive
2017-05-28 07:16:52 ----SHD---- C:\DrWeb Quarantine
2017-05-28 07:12:21 ----D---- C:\Program Files\DrWeb.delete-later-431717
2017-05-28 07:09:47 ----D---- C:\ProgramData\Doctor Web
2017-05-27 09:42:55 ----A---- C:\Windows\system32\ucrtbase.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-27 09:42:28 ----A---- C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-05-26 19:26:45 ----D---- C:\ProgramData\ESET
2017-05-26 19:26:45 ----D---- C:\Program Files\ESET
2017-05-26 16:48:17 ----D---- C:\FRST
2017-05-26 05:25:19 ----D---- C:\AdwCleaner
2017-05-25 14:25:00 ----D---- C:\Users\Kamil\AppData\Roaming\Google
2017-05-24 17:47:09 ----A---- C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
======List of files/folders modified in the last 1 month======
2017-06-21 19:12:04 ----D---- C:\Users\Kamil\AppData\Roaming\Skype
2017-06-21 19:11:46 ----D---- C:\Windows\Prefetch
2017-06-21 19:00:39 ----D---- C:\Windows\system32\config
2017-06-21 18:50:07 ----D---- C:\Windows\rescache
2017-06-21 18:29:23 ----D---- C:\Windows\System32
2017-06-21 18:29:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-06-21 18:24:47 ----D---- C:\Program Files\Common Files
2017-06-21 18:23:49 ----RD---- C:\Program Files
2017-06-21 18:23:45 ----D---- C:\Windows\system32\drivers
2017-06-21 18:23:34 ----SHD---- C:\System Volume Information
2017-06-21 18:18:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-06-21 18:18:38 ----D---- C:\Windows\system32\Macromed
2017-06-21 18:18:36 ----D---- C:\Windows\Temp
2017-06-21 18:17:31 ----D---- C:\Windows\winsxs
2017-06-21 18:17:15 ----D---- C:\Windows\Panther
2017-06-21 18:15:45 ----D---- C:\Windows\system32\sk-SK
2017-06-21 18:15:45 ----D---- C:\Windows\system32\migration
2017-06-21 18:15:45 ----D---- C:\Windows\system32\en-US
2017-06-21 18:15:45 ----D---- C:\Windows\PolicyDefinitions
2017-06-21 18:15:45 ----D---- C:\Program Files\Internet Explorer
2017-06-21 18:15:44 ----RSD---- C:\Windows\Fonts
2017-06-21 18:15:18 ----D---- C:\Windows\Logs
2017-06-21 18:15:09 ----D---- C:\Windows\system32\catroot
2017-06-21 18:14:50 ----D---- C:\Windows\system32\catroot2
2017-05-29 14:43:18 ----D---- C:\Windows
2017-05-29 12:26:38 ----D---- C:\Users\Kamil\AppData\Roaming\vlc
2017-05-28 14:59:40 ----D---- C:\Windows\inf
2017-05-28 14:26:18 ----HD---- C:\ProgramData
2017-05-28 14:15:16 ----D---- C:\Windows\Minidump
2017-05-28 08:43:01 ----SHD---- C:\Windows\Installer
2017-05-28 08:43:01 ----D---- C:\ProgramData\Skype
2017-05-28 08:42:57 ----RD---- C:\Program Files\Skype
2017-05-28 07:20:05 ----SD---- C:\ProgramData\Microsoft
2017-05-28 07:13:34 ----D---- C:\Windows\system32\Tasks
2017-05-27 10:35:59 ----D---- C:\Windows\Tasks
2017-05-27 10:35:59 ----D---- C:\Windows\system32\wfp
2017-05-27 10:35:59 ----D---- C:\Windows\system32\wbem
2017-05-27 10:35:59 ----D---- C:\Windows\system32\DriverStore
2017-05-27 10:35:59 ----D---- C:\Windows\system32\CodeIntegrity
2017-05-27 10:35:59 ----D---- C:\Windows\AppCompat
2017-05-27 10:35:57 ----D---- C:\Program Files\TC UP
2017-05-27 10:35:36 ----D---- C:\Windows\registration
2017-05-27 10:33:48 ----D---- C:\Windows\system32\LogFiles
2017-05-24 19:22:36 ----D---- C:\ProgramData\Package Cache
2017-05-24 17:43:35 ----D---- C:\ProgramData\IObit
2017-05-24 17:28:28 ----D---- C:\Program Files\Mozilla Maintenance Service
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO32.SYS [2017-03-12 23840]
R1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 npf;NetGroup Packet Filter Driver; \??\C:\Windows\system32\drivers\npf.sys [2015-08-21 36600]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2017-03-28 51328]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2017-03-28 71552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-08-12 3645160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2015-07-25 171352]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 27704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2016-04-14 50744]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2017-03-28 783360]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-04-19 685816]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2011-03-01 43680]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2017-03-28 47504]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-02-28 92032]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-11-16 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-11-16 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-11-16 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-11-16 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 Ser2plx86;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2016-10-06 171072]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2017-05-27 35064]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-11-16 8192]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-11-16 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2015-04-30 20256]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 WsAudioDevice_383;WsAudioDevice_383; C:\Windows\system32\drivers\WsAudioDevice_383.sys [2016-02-29 25632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-04-25 83056]
R2 AtherosSvc;AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-06-15 931896]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-06-16 73728]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-06-15 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2018360]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-07-23 671048]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-04-19 66872]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-15 2905656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-28 153752]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2017-04-05 317400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-21 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-09 46528]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-28 153752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-06-21 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-25 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kamil at 2017-06-21 19:21:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 32 GB (29%) free of 110 GB
Total RAM: 3069 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:21:47, on 21. 6. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Dolby Home Theater v4\pcee4.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Windows\System32\wscript.exe
C:\Users\Kamil\AppData\Roaming\skype.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skype\Browser\SkypeBrowserHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kamil\Downloads\RSIT.exe
C:\Program Files\trend micro\Kamil.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKLM\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKLM\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKLM\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKLM\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKLM\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKLM\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.sk/sk.special-uninstalla ... =10.0.1432
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKCU\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKCU\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKCU\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKCU\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKCU\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKCU\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 8424898cc4c927994d288319a361b825.exe
O4 - Startup: Launch_Manager.vbs
O4 - Startup: tmp453B.tmp.vbs
O4 - Startup: tmp9F3E.tmp.vbs
O4 - Startup: tmpB731.tmp.vbs
O4 - Startup: tmpBE24.tmp.vbs
O4 - Startup: windows.vbs
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: WSKVAllmytubechrome - (no CLSID) - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 9959 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job - C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job - C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SK216DF&PC=SK216&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\extensions\
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\searchplugins\
bing-.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29 798771]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01 60576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29 798771]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-08-09 10807912]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [2011-08-09 1571432]
"Dolby Home Theater v4"=C:\Program Files\Dolby Home Theater v4\pcee4.exe [2011-06-01 506712]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"ShadowPlay"=C:\Windows\system32\nvspcap.dll [2016-06-15 1377984]
"Aimersoft Helper Compact.exe"=C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2016-07-14 2131856]
"tmpB731"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs []
"Microsoft Office"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs []
"javaupdate"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs []
"tmp9F3E"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs []
"tmpBE24"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs []
"8424898cc4c927994d288319a361b825"=C:\Users\Kamil\AppData\Roaming\skype.exe [2017-04-20 302080]
"tmp453B"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.sk/sk.special-uninstalla ... =10.0.1432 []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DS Clock"=C:\Program Files\DS Clock\dsclock.exe [2003-06-06 323584]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]
""= []
"BingSvc"=C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05 144008]
"Nektra OEAPI"= []
"OEXPRESS"= []
"tmpB731"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs []
"Microsoft Office"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs []
"javaupdate"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs []
"tmp9F3E"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs []
"tmpBE24"=wscript.exe //B C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs []
"8424898cc4c927994d288319a361b825"=C:\Users\Kamil\AppData\Roaming\skype.exe [2017-04-20 302080]
"tmp453B"=wscript.exe //B C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2017-05-04 27716568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25 1162360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files\Bluetooth Suite\AthBtTray.exe [2011-03-01 302240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
C:\Program Files\Bluetooth Suite\BtvStack.exe [2011-03-01 490656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-06-16 2736128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [2009-05-26 651264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-12-21 1090040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
8424898cc4c927994d288319a361b825.exe
Launch_Manager.vbs
tmp453B.tmp.vbs
tmp9F3E.tmp.vbs
tmpB731.tmp.vbs
tmpBE24.tmp.vbs
windows.vbs
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"midi7"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2017-06-21 18:13:46 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-21 18:13:46 ----A---- C:\Windows\system32\elshyph.dll
2017-06-21 18:13:44 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2017-06-21 18:13:44 ----A---- C:\Windows\system32\msls31.dll
2017-06-21 18:13:44 ----A---- C:\Windows\system32\jsIntl.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\wininet.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\urlmon.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\msrating.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\jsproxy.dll
2017-06-21 18:13:43 ----A---- C:\Windows\system32\iertutil.dll
2017-06-21 18:13:42 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-21 18:13:42 ----A---- C:\Windows\system32\dxtrans.dll
2017-06-21 18:13:42 ----A---- C:\Windows\system32\dxtmsft.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\url.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\iesetup.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\iernonce.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\ieapfltr.dll
2017-06-21 18:13:41 ----A---- C:\Windows\system32\ieapfltr.dat
2017-06-21 18:13:41 ----A---- C:\Windows\system32\ie4uinit.exe
2017-06-21 18:13:41 ----A---- C:\Windows\system32\icardie.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\webcheck.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\mshtmled.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\licmgr10.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\inseng.dll
2017-06-21 18:13:40 ----A---- C:\Windows\system32\iedkcs32.dll
2017-06-21 18:13:39 ----A---- C:\Windows\system32\wextract.exe
2017-06-21 18:13:39 ----A---- C:\Windows\system32\vbscript.dll
2017-06-21 18:13:39 ----A---- C:\Windows\system32\msfeeds.dll
2017-06-21 18:13:39 ----A---- C:\Windows\system32\iexpress.exe
2017-06-21 18:13:38 ----A---- C:\Windows\system32\mshtml.dll
2017-06-21 18:13:37 ----A---- C:\Windows\system32\pngfilt.dll
2017-06-21 18:13:37 ----A---- C:\Windows\system32\occache.dll
2017-06-21 18:13:37 ----A---- C:\Windows\system32\mshta.exe
2017-06-21 18:13:37 ----A---- C:\Windows\system32\ieUnatt.exe
2017-06-21 18:13:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\jscript.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\imgutil.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\iepeers.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-06-21 18:13:36 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-06-21 18:13:35 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2017-06-21 18:13:35 ----A---- C:\Windows\system32\msfeedssync.exe
2017-06-21 18:13:35 ----A---- C:\Windows\system32\msfeedsbs.dll
2017-06-21 18:13:35 ----A---- C:\Windows\system32\jscript9diag.dll
2017-06-21 18:13:35 ----A---- C:\Windows\system32\IEAdvpack.dll
2017-06-21 18:13:34 ----A---- C:\Windows\system32\mshtmler.dll
2017-06-21 18:13:34 ----A---- C:\Windows\system32\jscript9.dll
2017-06-21 18:13:34 ----A---- C:\Windows\system32\ieui.dll
2017-06-21 18:13:34 ----A---- C:\Windows\system32\iesysprep.dll
2017-06-21 18:13:33 ----A---- C:\Windows\system32\ieframe.dll
2017-06-21 18:13:09 ----A---- C:\Windows\system32\tdh.dll
2017-06-21 18:13:09 ----A---- C:\Windows\system32\smss.exe
2017-06-21 18:13:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2017-06-21 18:13:09 ----A---- C:\Windows\system32\ntdll.dll
2017-06-21 18:13:09 ----A---- C:\Windows\system32\advapi32.dll
2017-06-21 18:13:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-06-21 18:13:08 ----A---- C:\Windows\system32\csrsrv.dll
2017-06-21 18:13:00 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-06-21 18:13:00 ----A---- C:\Windows\system32\drivers\netio.sys
2017-06-21 18:13:00 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-06-21 18:12:59 ----A---- C:\Windows\system32\mswsock.dll
2017-06-21 18:12:59 ----A---- C:\Windows\system32\drivers\afd.sys
2017-06-21 18:12:53 ----A---- C:\Windows\system32\taskhost.exe
2017-06-21 18:12:40 ----A---- C:\Windows\system32\winsrv.dll
2017-06-21 18:12:40 ----A---- C:\Windows\system32\kernel32.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-21 18:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-21 18:12:39 ----A---- C:\Windows\system32\KernelBase.dll
2017-06-21 18:12:39 ----A---- C:\Windows\system32\conhost.exe
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-21 18:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-21 18:12:09 ----A---- C:\Windows\system32\d3d11.dll
2017-05-28 14:36:47 ----D---- C:\rsit
2017-05-28 14:36:47 ----D---- C:\Program Files\trend micro
2017-05-28 08:42:57 ----D---- C:\Program Files\Common Files\Skype
2017-05-28 07:17:43 ----HD---- C:\DrWeb Archive
2017-05-28 07:16:52 ----SHD---- C:\DrWeb Quarantine
2017-05-28 07:12:21 ----D---- C:\Program Files\DrWeb.delete-later-431717
2017-05-28 07:09:47 ----D---- C:\ProgramData\Doctor Web
2017-05-27 09:42:55 ----A---- C:\Windows\system32\ucrtbase.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-27 09:42:55 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-27 09:42:28 ----A---- C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-05-26 19:26:45 ----D---- C:\ProgramData\ESET
2017-05-26 19:26:45 ----D---- C:\Program Files\ESET
2017-05-26 16:48:17 ----D---- C:\FRST
2017-05-26 05:25:19 ----D---- C:\AdwCleaner
2017-05-25 14:25:00 ----D---- C:\Users\Kamil\AppData\Roaming\Google
2017-05-24 17:47:09 ----A---- C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
======List of files/folders modified in the last 1 month======
2017-06-21 19:12:04 ----D---- C:\Users\Kamil\AppData\Roaming\Skype
2017-06-21 19:11:46 ----D---- C:\Windows\Prefetch
2017-06-21 19:00:39 ----D---- C:\Windows\system32\config
2017-06-21 18:50:07 ----D---- C:\Windows\rescache
2017-06-21 18:29:23 ----D---- C:\Windows\System32
2017-06-21 18:29:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-06-21 18:24:47 ----D---- C:\Program Files\Common Files
2017-06-21 18:23:49 ----RD---- C:\Program Files
2017-06-21 18:23:45 ----D---- C:\Windows\system32\drivers
2017-06-21 18:23:34 ----SHD---- C:\System Volume Information
2017-06-21 18:18:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-06-21 18:18:38 ----D---- C:\Windows\system32\Macromed
2017-06-21 18:18:36 ----D---- C:\Windows\Temp
2017-06-21 18:17:31 ----D---- C:\Windows\winsxs
2017-06-21 18:17:15 ----D---- C:\Windows\Panther
2017-06-21 18:15:45 ----D---- C:\Windows\system32\sk-SK
2017-06-21 18:15:45 ----D---- C:\Windows\system32\migration
2017-06-21 18:15:45 ----D---- C:\Windows\system32\en-US
2017-06-21 18:15:45 ----D---- C:\Windows\PolicyDefinitions
2017-06-21 18:15:45 ----D---- C:\Program Files\Internet Explorer
2017-06-21 18:15:44 ----RSD---- C:\Windows\Fonts
2017-06-21 18:15:18 ----D---- C:\Windows\Logs
2017-06-21 18:15:09 ----D---- C:\Windows\system32\catroot
2017-06-21 18:14:50 ----D---- C:\Windows\system32\catroot2
2017-05-29 14:43:18 ----D---- C:\Windows
2017-05-29 12:26:38 ----D---- C:\Users\Kamil\AppData\Roaming\vlc
2017-05-28 14:59:40 ----D---- C:\Windows\inf
2017-05-28 14:26:18 ----HD---- C:\ProgramData
2017-05-28 14:15:16 ----D---- C:\Windows\Minidump
2017-05-28 08:43:01 ----SHD---- C:\Windows\Installer
2017-05-28 08:43:01 ----D---- C:\ProgramData\Skype
2017-05-28 08:42:57 ----RD---- C:\Program Files\Skype
2017-05-28 07:20:05 ----SD---- C:\ProgramData\Microsoft
2017-05-28 07:13:34 ----D---- C:\Windows\system32\Tasks
2017-05-27 10:35:59 ----D---- C:\Windows\Tasks
2017-05-27 10:35:59 ----D---- C:\Windows\system32\wfp
2017-05-27 10:35:59 ----D---- C:\Windows\system32\wbem
2017-05-27 10:35:59 ----D---- C:\Windows\system32\DriverStore
2017-05-27 10:35:59 ----D---- C:\Windows\system32\CodeIntegrity
2017-05-27 10:35:59 ----D---- C:\Windows\AppCompat
2017-05-27 10:35:57 ----D---- C:\Program Files\TC UP
2017-05-27 10:35:36 ----D---- C:\Windows\registration
2017-05-27 10:33:48 ----D---- C:\Windows\system32\LogFiles
2017-05-24 19:22:36 ----D---- C:\ProgramData\Package Cache
2017-05-24 17:43:35 ----D---- C:\ProgramData\IObit
2017-05-24 17:28:28 ----D---- C:\Program Files\Mozilla Maintenance Service
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO32.SYS [2017-03-12 23840]
R1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 npf;NetGroup Packet Filter Driver; \??\C:\Windows\system32\drivers\npf.sys [2015-08-21 36600]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2017-03-28 51328]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2017-03-28 71552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-08-12 3645160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2015-07-25 171352]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 27704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2016-04-14 50744]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2017-03-28 783360]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-04-19 685816]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2011-03-01 43680]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2017-03-28 47504]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-02-28 92032]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-11-16 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-11-16 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-11-16 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-11-16 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 Ser2plx86;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2016-10-06 171072]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2017-05-27 35064]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-11-16 8192]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-11-16 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2015-04-30 20256]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 WsAudioDevice_383;WsAudioDevice_383; C:\Windows\system32\drivers\WsAudioDevice_383.sys [2016-02-29 25632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-04-25 83056]
R2 AtherosSvc;AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-06-15 931896]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-06-16 73728]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-06-15 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2018360]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-07-23 671048]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-04-19 66872]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-15 2905656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-28 153752]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2017-04-05 317400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-21 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-09 46528]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-28 153752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-06-21 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-25 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
-----------------EOF-----------------