Dobrý den, prosím mám problém. Sekal a vypínal se mi PC (Win 7) tak jsem to prohnal antivirem a našel pár virů. Zdálo se vše v pořádku, ale po znovuzapnutí se problém znovu ukázal. Po chvilce mi naskočí modrá obrazovka, a při vypínání a na ní chybová hláška 0000...f4 což je domnívám se škodlivý software (vir).
Také se mi tím virem stále otevírá okno prohlížeče, a naskakují nežádoucí stránky.
Děkuji za každou radu.
Logfile of random's system information tool 1.10 (written by random/random)
Run by xxx at 2018-04-10 14:14:39
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 813 MB (2%) free of 52 GB
Total RAM: 3070 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:15:51, on 10.4.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18838)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\conhost.exe
C:\Users\xxx\AppData\Roaming\Tickmill MT4 Client Terminal\terminal.exe
C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets\terminal.exe
C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets 1\terminal.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\xxx\Downloads\RSIT.exe
C:\Program Files\trend micro\xxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll
O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [BingSvc] C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - Global Startup: blink.lnk = C:\Windows\blink.exe
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra 'Tools' menuitem: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MlmDm - Unknown owner - C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: pSP2clnt - Unknown owner - C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8866 bytes
======Scheduled tasks folder======
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupload.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]
Pagealicious
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-05 473664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-15 774440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
Search@Mail.Ru - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2018-03-12 1584856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11 1246600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2018-03-19 167480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-05 187968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-08-15 213832]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2017-03-12 352648]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2017-03-30 16463360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21 587288]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-13 144008]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-03-03 7348440]
"cz.seznam.software.autoupdate"=C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe -c []
"cz.seznam.software.szndesktop"=C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2018-03-27 109808]
"Skype for Desktop"=C:\Program Files\Microsoft\Skype for Desktop\Skype.exe []
"Web Companion"=C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
blink.lnk - C:\Windows\blink.exe
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 month======
2018-04-10 14:14:39 ----D---- C:\rsit
2018-04-08 14:23:02 ----ASH---- C:\pagefile.sys
2018-04-08 07:41:33 ----SHD---- C:\Config.Msi
2018-04-07 08:13:56 ----D---- C:\Program Files\Rozpisy pro loterie 2.05
2018-04-06 18:21:32 ----D---- C:\Program Files\Rozpisy pro Sportku - free verze 107
2018-04-06 18:15:02 ----D---- C:\Program Files\Rozpisy pro loterie 3.01
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmsckn.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmorenu.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmocod.dll
2018-04-06 18:14:38 ----D---- C:\Program Files\Rozpisy pro Šťastných10 (KENO10) - free verze
2018-03-31 15:15:38 ----A---- C:\Windows\system32\aswBoot.exe
======List of files/folders modified in the last 1 month======
2018-04-10 14:14:51 ----D---- C:\Windows\Prefetch
2018-04-10 14:14:41 ----D---- C:\Program Files\trend micro
2018-04-10 14:12:44 ----D---- C:\Windows\temp
2018-04-10 13:59:14 ----AD---- C:\Windows\System32
2018-04-10 13:59:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-04-10 13:59:09 ----D---- C:\Windows\system32\Macromed
2018-04-10 12:01:06 ----SHD---- C:\Windows\Installer
2018-04-10 05:23:58 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets 1
2018-04-10 05:23:43 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets
2018-04-10 05:22:41 ----D---- C:\Users\xxx\AppData\Roaming\Tickmill MT4 Client Terminal
2018-04-10 05:07:40 ----D---- C:\Windows\inf
2018-04-10 05:07:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-04-10 01:04:18 ----D---- C:\Windows
2018-04-10 01:02:50 ----D---- C:\Windows\Minidump
2018-04-09 12:59:52 ----D---- C:\Users\xxx\AppData\Roaming\RoboForex - MetaTrader 4
2018-04-08 16:46:29 ----D---- C:\Users\xxx\AppData\Roaming\Telegram Desktop
2018-04-08 08:21:31 ----D---- C:\Windows\Tasks
2018-04-07 12:33:00 ----RD---- C:\Program Files
2018-04-07 12:33:00 ----D---- C:\Users\xxx\AppData\Roaming\MetaQuotes
2018-04-06 18:21:26 ----A---- C:\Windows\GPInstall.exe
2018-04-05 13:46:03 ----D---- C:\Users\xxx\AppData\Roaming\Seznam.cz
2018-04-02 20:27:53 ----D---- C:\Program Files\Opera
2018-03-31 20:37:13 ----D---- C:\Windows\system32\Tasks
2018-03-31 20:20:40 ----D---- C:\Windows\system32\drivers
2018-03-31 09:22:16 ----D---- C:\Users\xxx\AppData\Roaming\fxgen
2018-03-23 19:39:16 ----D---- C:\Users\xxx\AppData\Roaming\uTorrent
2018-03-23 19:37:59 ----D---- C:\Program Files\Smart Application Controller
2018-03-23 19:37:32 ----D---- C:\ProgramData
2018-03-23 19:37:04 ----D---- C:\Program Files\Mail.Ru
2018-03-23 19:36:19 ----D---- C:\Program Files\hMailServer
2018-03-23 19:35:56 ----D---- C:\Program Files\Google
2018-03-23 19:23:46 ----D---- C:\Program Files\McAfee
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2017-08-15 157416]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2017-08-15 276736]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2017-08-15 50384]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-08-15 70840]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-08-15 296312]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-01-02 320120]
R0 videX32;videX32; C:\Windows\system32\DRIVERS\videX32.sys [2010-02-11 13976]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2017-08-15 267008]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-08-15 39752]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-08-15 99536]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-08-24 774320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-08-15 496976]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-08-24 123928]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-08-15 147688]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2015-11-05 117760]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2014-03-18 77080]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [2017-02-14 88448]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2016-12-25 5198336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-08-15 42824]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 DFX11_1;DFX Audio Enhancer 11.1; C:\Windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2017-03-30 4397056]
S3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\system32\drivers\WinRing0_1_2_0.sys []
S3 WinUsb;CMCC USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2018-03-19 472856]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2015-01-10 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2015-01-10 103736]
R2 pSP2clnt;pSP2clnt; C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe [2016-06-05 406016]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WinSMTPService;Windows SMTP Service; C:\Program Files\WinSMTPServer\Windows SMTP Server\Service\WinSMTPServer.exe [2010-05-10 37888]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2017-08-15 5815840]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-08-15 263312]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-07-14 107192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MlmDm;MlmDm; C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe MlmDm []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10 272384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-07-14 47288]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-13 647680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-10-14 104960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
S4 AppHostSvc;Pomocná služba hostitele aplikace; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 W3SVC;Služba Publikování na webu; C:\Windows\system32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Vir se znovu objeví při zapnutí PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118254
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir se znovu objeví při zapnutí PC
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir se znovu objeví při zapnutí PC
Nejde mi to vůbec stáhnout. Operu i Chrom mi to po kliknutí na odkaz hned zavře. :/
Ikdyž to otevřu na nové kartě, tak to stránku načte, ale když chci na ni přejít, tak to prohlížeč taky zavře.
Po vyhledání utility na netu , to po kliknutí na odkaz u Stahuj.cz taky prohlížeč zavřelo, jako by se to bránilo stažení utility. :DD ludra. Co s tím?
Ikdyž to otevřu na nové kartě, tak to stránku načte, ale když chci na ni přejít, tak to prohlížeč taky zavře.
Po vyhledání utility na netu , to po kliknutí na odkaz u Stahuj.cz taky prohlížeč zavřelo, jako by se to bránilo stažení utility. :DD ludra. Co s tím?
-
Rudy
- Site Admin
- Příspěvky: 118254
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir se znovu objeví při zapnutí PC
OK. Zkuste to v nouzovém režimu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir se znovu objeví při zapnutí PC
Udělal jsem to špatně. Omlouvám se.
Dal jsem skenování, a objevil se log. Ten jsem nezavíral, ale říkal jsem si, že log budete chtít až po smazání, a on zmizel.
Špatně jsem si to přečetl, a teď mi to zase po mazání nejde spustit, abych vytvořil LOG nový. Omlouvám se.
Dal jsem skenování, a objevil se log. Ten jsem nezavíral, ale říkal jsem si, že log budete chtít až po smazání, a on zmizel.
Špatně jsem si to přečetl, a teď mi to zase po mazání nejde spustit, abych vytvořil LOG nový. Omlouvám se.
-
Rudy
- Site Admin
- Příspěvky: 118254
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir se znovu objeví při zapnutí PC
Nejde spustit systém?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir se znovu objeví při zapnutí PC
Ne, system běží, ale ADWCleaner nejde spustit, abych vám vytvořil aspoň nový log. System se zdá v pořádku. Jen jsem trochu zmatkoval s tím nouzovým režimem, a pokazil ten log co by se vám hodil. :/
-
Rudy
- Site Admin
- Příspěvky: 118254
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir se znovu objeví při zapnutí PC
OK. Dejme tomu, že bylo vše smazáno. Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir se znovu objeví při zapnutí PC
Dodávám tedy LOG. 
Logfile of random's system information tool 1.10 (written by random/random)
Run by xxx at 2018-04-10 19:12:12
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1 GB (2%) free of 52 GB
Total RAM: 3070 MB (36% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:13:30, on 10.4.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18838)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets\terminal.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Roaming\Tickmill MT4 Client Terminal\terminal.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\xxx\Downloads\RSIT.exe
C:\Program Files\trend micro\xxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll
O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [BingSvc] C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - Global Startup: blink.lnk = C:\Windows\blink.exe
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra 'Tools' menuitem: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MlmDm - Unknown owner - C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: pSP2clnt - Unknown owner - C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8792 bytes
======Scheduled tasks folder======
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupload.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]
Pagealicious
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-05 473664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-15 774440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
Search@Mail.Ru - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2018-03-12 1584856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11 1246600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2018-03-19 167480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-05 187968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-08-15 213832]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2017-03-12 352648]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2017-03-30 16463360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21 587288]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-13 144008]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-03-03 7348440]
"cz.seznam.software.autoupdate"=C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe -c []
"cz.seznam.software.szndesktop"=C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2018-03-27 109808]
"Skype for Desktop"=C:\Program Files\Microsoft\Skype for Desktop\Skype.exe []
"Web Companion"=C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
blink.lnk - C:\Windows\blink.exe
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 month======
2018-04-10 19:12:12 ----D---- C:\rsit
2018-04-10 17:17:15 ----A---- C:\Windows\ntbtlog.txt
2018-04-08 14:23:02 ----ASH---- C:\pagefile.sys
2018-04-08 07:41:33 ----SHD---- C:\Config.Msi
2018-04-07 08:13:56 ----D---- C:\Program Files\Rozpisy pro loterie 2.05
2018-04-06 18:21:32 ----D---- C:\Program Files\Rozpisy pro Sportku - free verze 107
2018-04-06 18:15:02 ----D---- C:\Program Files\Rozpisy pro loterie 3.01
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmsckn.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmorenu.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmocod.dll
2018-04-06 18:14:38 ----D---- C:\Program Files\Rozpisy pro Šťastných10 (KENO10) - free verze
2018-03-31 15:15:38 ----A---- C:\Windows\system32\aswBoot.exe
======List of files/folders modified in the last 1 month======
2018-04-10 19:12:34 ----D---- C:\Windows\temp
2018-04-10 19:12:21 ----D---- C:\Program Files\trend micro
2018-04-10 18:37:13 ----SHD---- C:\Windows\Installer
2018-04-10 18:11:08 ----D---- C:\Users\xxx\AppData\Roaming\Tickmill MT4 Client Terminal
2018-04-10 18:01:53 ----D---- C:\AdwCleaner
2018-04-10 17:39:39 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets
2018-04-10 17:35:38 ----D---- C:\Windows\Prefetch
2018-04-10 17:26:44 ----D---- C:\Windows\inf
2018-04-10 17:26:44 ----AD---- C:\Windows\System32
2018-04-10 17:26:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-04-10 17:17:15 ----D---- C:\Windows
2018-04-10 13:59:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-04-10 13:59:09 ----D---- C:\Windows\system32\Macromed
2018-04-10 05:23:58 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets 1
2018-04-10 01:02:50 ----D---- C:\Windows\Minidump
2018-04-09 12:59:52 ----D---- C:\Users\xxx\AppData\Roaming\RoboForex - MetaTrader 4
2018-04-08 16:46:29 ----D---- C:\Users\xxx\AppData\Roaming\Telegram Desktop
2018-04-08 08:21:31 ----D---- C:\Windows\Tasks
2018-04-07 12:33:00 ----RD---- C:\Program Files
2018-04-07 12:33:00 ----D---- C:\Users\xxx\AppData\Roaming\MetaQuotes
2018-04-06 18:21:26 ----A---- C:\Windows\GPInstall.exe
2018-04-05 13:46:03 ----D---- C:\Users\xxx\AppData\Roaming\Seznam.cz
2018-04-02 20:27:53 ----D---- C:\Program Files\Opera
2018-03-31 20:37:13 ----D---- C:\Windows\system32\Tasks
2018-03-31 20:20:40 ----D---- C:\Windows\system32\drivers
2018-03-31 09:22:16 ----D---- C:\Users\xxx\AppData\Roaming\fxgen
2018-03-23 19:39:16 ----D---- C:\Users\xxx\AppData\Roaming\uTorrent
2018-03-23 19:37:59 ----D---- C:\Program Files\Smart Application Controller
2018-03-23 19:37:32 ----D---- C:\ProgramData
2018-03-23 19:37:04 ----D---- C:\Program Files\Mail.Ru
2018-03-23 19:36:19 ----D---- C:\Program Files\hMailServer
2018-03-23 19:35:56 ----D---- C:\Program Files\Google
2018-03-23 19:23:46 ----D---- C:\Program Files\McAfee
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2017-08-15 157416]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2017-08-15 276736]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2017-08-15 50384]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-08-15 70840]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-08-15 296312]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-01-02 320120]
R0 videX32;videX32; C:\Windows\system32\DRIVERS\videX32.sys [2010-02-11 13976]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2017-08-15 267008]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-08-15 39752]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-08-15 99536]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-08-24 774320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-08-15 496976]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-08-24 123928]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-08-15 147688]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2015-11-05 117760]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2014-03-18 77080]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [2017-02-14 88448]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2016-12-25 5198336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-08-15 42824]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 DFX11_1;DFX Audio Enhancer 11.1; C:\Windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2017-03-30 4397056]
S3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\system32\drivers\WinRing0_1_2_0.sys []
S3 WinUsb;CMCC USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-08-15 263312]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2018-03-19 472856]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2015-01-10 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2015-01-10 103736]
R2 pSP2clnt;pSP2clnt; C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe [2016-06-05 406016]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WinSMTPService;Windows SMTP Service; C:\Program Files\WinSMTPServer\Windows SMTP Server\Service\WinSMTPServer.exe [2010-05-10 37888]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2017-08-15 5815840]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-07-14 107192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MlmDm;MlmDm; C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe MlmDm []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10 272384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-07-14 47288]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-13 647680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-10-14 104960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
S4 AppHostSvc;Pomocná služba hostitele aplikace; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 W3SVC;Služba Publikování na webu; C:\Windows\system32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by xxx at 2018-04-10 19:12:12
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1 GB (2%) free of 52 GB
Total RAM: 3070 MB (36% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:13:30, on 10.4.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18838)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets\terminal.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Roaming\Tickmill MT4 Client Terminal\terminal.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\xxx\Downloads\RSIT.exe
C:\Program Files\trend micro\xxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll
O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [BingSvc] C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - Global Startup: blink.lnk = C:\Windows\blink.exe
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra 'Tools' menuitem: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MlmDm - Unknown owner - C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: pSP2clnt - Unknown owner - C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8792 bytes
======Scheduled tasks folder======
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupload.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]
Pagealicious
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-05 473664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-15 774440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
Search@Mail.Ru - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2018-03-12 1584856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11 1246600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2018-03-19 167480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-05 187968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-08-15 213832]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2017-03-12 352648]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2017-03-30 16463360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21 587288]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-13 144008]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-03-03 7348440]
"cz.seznam.software.autoupdate"=C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe -c []
"cz.seznam.software.szndesktop"=C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2018-03-27 109808]
"Skype for Desktop"=C:\Program Files\Microsoft\Skype for Desktop\Skype.exe []
"Web Companion"=C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
blink.lnk - C:\Windows\blink.exe
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 month======
2018-04-10 19:12:12 ----D---- C:\rsit
2018-04-10 17:17:15 ----A---- C:\Windows\ntbtlog.txt
2018-04-08 14:23:02 ----ASH---- C:\pagefile.sys
2018-04-08 07:41:33 ----SHD---- C:\Config.Msi
2018-04-07 08:13:56 ----D---- C:\Program Files\Rozpisy pro loterie 2.05
2018-04-06 18:21:32 ----D---- C:\Program Files\Rozpisy pro Sportku - free verze 107
2018-04-06 18:15:02 ----D---- C:\Program Files\Rozpisy pro loterie 3.01
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmsckn.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmorenu.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmocod.dll
2018-04-06 18:14:38 ----D---- C:\Program Files\Rozpisy pro Šťastných10 (KENO10) - free verze
2018-03-31 15:15:38 ----A---- C:\Windows\system32\aswBoot.exe
======List of files/folders modified in the last 1 month======
2018-04-10 19:12:34 ----D---- C:\Windows\temp
2018-04-10 19:12:21 ----D---- C:\Program Files\trend micro
2018-04-10 18:37:13 ----SHD---- C:\Windows\Installer
2018-04-10 18:11:08 ----D---- C:\Users\xxx\AppData\Roaming\Tickmill MT4 Client Terminal
2018-04-10 18:01:53 ----D---- C:\AdwCleaner
2018-04-10 17:39:39 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets
2018-04-10 17:35:38 ----D---- C:\Windows\Prefetch
2018-04-10 17:26:44 ----D---- C:\Windows\inf
2018-04-10 17:26:44 ----AD---- C:\Windows\System32
2018-04-10 17:26:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-04-10 17:17:15 ----D---- C:\Windows
2018-04-10 13:59:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-04-10 13:59:09 ----D---- C:\Windows\system32\Macromed
2018-04-10 05:23:58 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets 1
2018-04-10 01:02:50 ----D---- C:\Windows\Minidump
2018-04-09 12:59:52 ----D---- C:\Users\xxx\AppData\Roaming\RoboForex - MetaTrader 4
2018-04-08 16:46:29 ----D---- C:\Users\xxx\AppData\Roaming\Telegram Desktop
2018-04-08 08:21:31 ----D---- C:\Windows\Tasks
2018-04-07 12:33:00 ----RD---- C:\Program Files
2018-04-07 12:33:00 ----D---- C:\Users\xxx\AppData\Roaming\MetaQuotes
2018-04-06 18:21:26 ----A---- C:\Windows\GPInstall.exe
2018-04-05 13:46:03 ----D---- C:\Users\xxx\AppData\Roaming\Seznam.cz
2018-04-02 20:27:53 ----D---- C:\Program Files\Opera
2018-03-31 20:37:13 ----D---- C:\Windows\system32\Tasks
2018-03-31 20:20:40 ----D---- C:\Windows\system32\drivers
2018-03-31 09:22:16 ----D---- C:\Users\xxx\AppData\Roaming\fxgen
2018-03-23 19:39:16 ----D---- C:\Users\xxx\AppData\Roaming\uTorrent
2018-03-23 19:37:59 ----D---- C:\Program Files\Smart Application Controller
2018-03-23 19:37:32 ----D---- C:\ProgramData
2018-03-23 19:37:04 ----D---- C:\Program Files\Mail.Ru
2018-03-23 19:36:19 ----D---- C:\Program Files\hMailServer
2018-03-23 19:35:56 ----D---- C:\Program Files\Google
2018-03-23 19:23:46 ----D---- C:\Program Files\McAfee
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2017-08-15 157416]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2017-08-15 276736]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2017-08-15 50384]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-08-15 70840]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-08-15 296312]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-01-02 320120]
R0 videX32;videX32; C:\Windows\system32\DRIVERS\videX32.sys [2010-02-11 13976]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2017-08-15 267008]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-08-15 39752]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-08-15 99536]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-08-24 774320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-08-15 496976]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-08-24 123928]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-08-15 147688]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2015-11-05 117760]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2014-03-18 77080]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [2017-02-14 88448]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2016-12-25 5198336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-08-15 42824]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 DFX11_1;DFX Audio Enhancer 11.1; C:\Windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2017-03-30 4397056]
S3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\system32\drivers\WinRing0_1_2_0.sys []
S3 WinUsb;CMCC USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-08-15 263312]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2018-03-19 472856]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2015-01-10 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2015-01-10 103736]
R2 pSP2clnt;pSP2clnt; C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe [2016-06-05 406016]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WinSMTPService;Windows SMTP Service; C:\Program Files\WinSMTPServer\Windows SMTP Server\Service\WinSMTPServer.exe [2010-05-10 37888]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2017-08-15 5815840]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-07-14 107192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MlmDm;MlmDm; C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe MlmDm []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10 272384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-07-14 47288]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-13 647680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-10-14 104960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
S4 AppHostSvc;Pomocná služba hostitele aplikace; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 W3SVC;Služba Publikování na webu; C:\Windows\system32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Re: Vir se znovu objeví při zapnutí PC
Můžu se ještě zeptat co je to za chybové hlášení to "000000F4" ? Já jsem dohledal na netu že jde o cosi kritického a zároveň o jaký si viry. https://www.0x000000f4.com/
Můžu kdyžtak z tech stránek stáhnout software a otestovat to? je to bezpečné? Děkuji
Můžu kdyžtak z tech stránek stáhnout software a otestovat to? je to bezpečné? Děkuji
-
Rudy
- Site Admin
- Příspěvky: 118254
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir se znovu objeví při zapnutí PC
Pokud vám padl systém do modré smrti (BSOD), může to být hw, nebo sw chba (většinou). Pokud se tak stalo, otevřte adresář c:\windows\minidump, jeho obsah zabalte do zipu a přiložte k vašemu příštímu postu. Teď k logu (mimochodem máte příliš málo volného místa na systémovém disku):
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.:files
C:\Users\xxx\AppData\Local\Mail.Ru
C:\Program Files\Skype\Toolbars
C:\Users\xxx\AppData\Local\Microsoft\BingSvc
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]
Pagealicious
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=-
"Web Companion"=-
:commands
[Purity]
[Emptytemp]
[Emptyflash]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir se znovu objeví při zapnutí PC
No s tím místem na disku... kdybych mohl nějak promazat starší aktualizace, tak by to bylo lepší, ale nechci moc do toho zasahovat.. :/
Jen se zeptám, to vyskakování a načítání oken v prohlížeči nežádoucíma stránkama,... pomůžete mi s tím, abych se toho zbavil? Už mne to štve. každou chvilku (cca 30-40 minut) se to otevře a načítá stránky.
Přikládám LOG a SOUBOR 7zip.
Logfile of random's system information tool 1.10 (written by random/random)
Run by xxx at 2018-04-11 05:06:50
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1 GB (2%) free of 52 GB
Total RAM: 3070 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:07:29, on 11.4.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18838)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\taskhost.exe
C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\xxx\Downloads\RSIT.exe
C:\Program Files\trend micro\xxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll
O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [BingSvc] C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - Global Startup: blink.lnk = C:\Windows\blink.exe
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra 'Tools' menuitem: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MlmDm - Unknown owner - C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: pSP2clnt - Unknown owner - C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8103 bytes
======Scheduled tasks folder======
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupload.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-05 473664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-15 774440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
Search@Mail.Ru - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2018-03-19 167480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-05 187968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-08-15 213832]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2017-03-12 352648]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2017-03-30 16463360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21 587288]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe []
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-03-03 7348440]
"cz.seznam.software.autoupdate"=C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe -c []
"cz.seznam.software.szndesktop"=C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2018-03-27 109808]
"Skype for Desktop"=C:\Program Files\Microsoft\Skype for Desktop\Skype.exe []
"Web Companion"=C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
blink.lnk - C:\Windows\blink.exe
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 month======
2018-04-11 05:06:50 ----D---- C:\rsit
2018-04-10 20:33:02 ----D---- C:\_OTM
2018-04-10 17:17:15 ----A---- C:\Windows\ntbtlog.txt
2018-04-08 14:23:02 ----ASH---- C:\pagefile.sys
2018-04-08 07:41:33 ----SHD---- C:\Config.Msi
2018-04-07 08:13:56 ----D---- C:\Program Files\Rozpisy pro loterie 2.05
2018-04-06 18:21:32 ----D---- C:\Program Files\Rozpisy pro Sportku - free verze 107
2018-04-06 18:15:02 ----D---- C:\Program Files\Rozpisy pro loterie 3.01
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmsckn.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmorenu.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmocod.dll
2018-04-06 18:14:38 ----D---- C:\Program Files\Rozpisy pro Šťastných10 (KENO10) - free verze
2018-03-31 15:15:38 ----A---- C:\Windows\system32\aswBoot.exe
======List of files/folders modified in the last 1 month======
2018-04-11 05:06:52 ----D---- C:\Program Files\trend micro
2018-04-11 05:06:37 ----D---- C:\Windows\Prefetch
2018-04-11 05:03:04 ----D---- C:\Windows\temp
2018-04-10 21:57:09 ----SHD---- C:\Windows\Installer
2018-04-10 20:33:06 ----RD---- C:\Program Files\Skype
2018-04-10 20:30:44 ----D---- C:\Windows\Minidump
2018-04-10 19:43:15 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets 1
2018-04-10 18:11:08 ----D---- C:\Users\xxx\AppData\Roaming\Tickmill MT4 Client Terminal
2018-04-10 18:01:53 ----D---- C:\AdwCleaner
2018-04-10 17:39:39 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets
2018-04-10 17:26:44 ----D---- C:\Windows\inf
2018-04-10 17:26:44 ----AD---- C:\Windows\System32
2018-04-10 17:26:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-04-10 17:17:15 ----D---- C:\Windows
2018-04-10 13:59:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-04-10 13:59:09 ----D---- C:\Windows\system32\Macromed
2018-04-09 12:59:52 ----D---- C:\Users\xxx\AppData\Roaming\RoboForex - MetaTrader 4
2018-04-08 16:46:29 ----D---- C:\Users\xxx\AppData\Roaming\Telegram Desktop
2018-04-08 08:21:31 ----D---- C:\Windows\Tasks
2018-04-07 12:33:00 ----RD---- C:\Program Files
2018-04-07 12:33:00 ----D---- C:\Users\xxx\AppData\Roaming\MetaQuotes
2018-04-06 18:21:26 ----A---- C:\Windows\GPInstall.exe
2018-04-05 13:46:03 ----D---- C:\Users\xxx\AppData\Roaming\Seznam.cz
2018-04-02 20:27:53 ----D---- C:\Program Files\Opera
2018-03-31 20:37:13 ----D---- C:\Windows\system32\Tasks
2018-03-31 20:20:40 ----D---- C:\Windows\system32\drivers
2018-03-31 09:22:16 ----D---- C:\Users\xxx\AppData\Roaming\fxgen
2018-03-23 19:39:16 ----D---- C:\Users\xxx\AppData\Roaming\uTorrent
2018-03-23 19:37:59 ----D---- C:\Program Files\Smart Application Controller
2018-03-23 19:37:32 ----D---- C:\ProgramData
2018-03-23 19:37:04 ----D---- C:\Program Files\Mail.Ru
2018-03-23 19:36:19 ----D---- C:\Program Files\hMailServer
2018-03-23 19:35:56 ----D---- C:\Program Files\Google
2018-03-23 19:23:46 ----D---- C:\Program Files\McAfee
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2017-08-15 157416]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2017-08-15 276736]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2017-08-15 50384]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-08-15 70840]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-08-15 296312]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-01-02 320120]
R0 videX32;videX32; C:\Windows\system32\DRIVERS\videX32.sys [2010-02-11 13976]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2017-08-15 267008]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-08-15 39752]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-08-15 99536]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-08-24 774320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-08-15 496976]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-08-24 123928]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-08-15 147688]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2015-11-05 117760]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2014-03-18 77080]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [2017-02-14 88448]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2016-12-25 5198336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-08-15 42824]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 DFX11_1;DFX Audio Enhancer 11.1; C:\Windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2017-03-30 4397056]
S3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\system32\drivers\WinRing0_1_2_0.sys []
S3 WinUsb;CMCC USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-08-15 263312]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2018-03-19 472856]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2015-01-10 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2015-01-10 103736]
R2 pSP2clnt;pSP2clnt; C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe [2016-06-05 406016]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WinSMTPService;Windows SMTP Service; C:\Program Files\WinSMTPServer\Windows SMTP Server\Service\WinSMTPServer.exe [2010-05-10 37888]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2017-08-15 5815840]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-07-14 107192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MlmDm;MlmDm; C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe MlmDm []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10 272384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-07-14 47288]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-13 647680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-10-14 104960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
S4 AppHostSvc;Pomocná služba hostitele aplikace; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 W3SVC;Služba Publikování na webu; C:\Windows\system32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Jen se zeptám, to vyskakování a načítání oken v prohlížeči nežádoucíma stránkama,... pomůžete mi s tím, abych se toho zbavil? Už mne to štve. každou chvilku (cca 30-40 minut) se to otevře a načítá stránky.
Přikládám LOG a SOUBOR 7zip.
Logfile of random's system information tool 1.10 (written by random/random)
Run by xxx at 2018-04-11 05:06:50
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1 GB (2%) free of 52 GB
Total RAM: 3070 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:07:29, on 11.4.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18838)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\taskhost.exe
C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\xxx\Downloads\RSIT.exe
C:\Program Files\trend micro\xxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll
O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [BingSvc] C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - Global Startup: blink.lnk = C:\Windows\blink.exe
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra 'Tools' menuitem: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MlmDm - Unknown owner - C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: pSP2clnt - Unknown owner - C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8103 bytes
======Scheduled tasks folder======
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job - C:\Users\xxx\AppData\Local\GoToMeeting\8625\g2mupload.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-05 473664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-15 774440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
Search@Mail.Ru - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2018-03-19 167480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-05 187968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-08-15 213832]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2017-03-12 352648]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2017-03-30 16463360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21 587288]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe []
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-03-03 7348440]
"cz.seznam.software.autoupdate"=C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe -c []
"cz.seznam.software.szndesktop"=C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2018-03-27 109808]
"Skype for Desktop"=C:\Program Files\Microsoft\Skype for Desktop\Skype.exe []
"Web Companion"=C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
blink.lnk - C:\Windows\blink.exe
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 month======
2018-04-11 05:06:50 ----D---- C:\rsit
2018-04-10 20:33:02 ----D---- C:\_OTM
2018-04-10 17:17:15 ----A---- C:\Windows\ntbtlog.txt
2018-04-08 14:23:02 ----ASH---- C:\pagefile.sys
2018-04-08 07:41:33 ----SHD---- C:\Config.Msi
2018-04-07 08:13:56 ----D---- C:\Program Files\Rozpisy pro loterie 2.05
2018-04-06 18:21:32 ----D---- C:\Program Files\Rozpisy pro Sportku - free verze 107
2018-04-06 18:15:02 ----D---- C:\Program Files\Rozpisy pro loterie 3.01
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmsckn.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmorenu.dll
2018-04-06 18:14:40 ----A---- C:\Windows\system32\Nmocod.dll
2018-04-06 18:14:38 ----D---- C:\Program Files\Rozpisy pro Šťastných10 (KENO10) - free verze
2018-03-31 15:15:38 ----A---- C:\Windows\system32\aswBoot.exe
======List of files/folders modified in the last 1 month======
2018-04-11 05:06:52 ----D---- C:\Program Files\trend micro
2018-04-11 05:06:37 ----D---- C:\Windows\Prefetch
2018-04-11 05:03:04 ----D---- C:\Windows\temp
2018-04-10 21:57:09 ----SHD---- C:\Windows\Installer
2018-04-10 20:33:06 ----RD---- C:\Program Files\Skype
2018-04-10 20:30:44 ----D---- C:\Windows\Minidump
2018-04-10 19:43:15 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets 1
2018-04-10 18:11:08 ----D---- C:\Users\xxx\AppData\Roaming\Tickmill MT4 Client Terminal
2018-04-10 18:01:53 ----D---- C:\AdwCleaner
2018-04-10 17:39:39 ----D---- C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets
2018-04-10 17:26:44 ----D---- C:\Windows\inf
2018-04-10 17:26:44 ----AD---- C:\Windows\System32
2018-04-10 17:26:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-04-10 17:17:15 ----D---- C:\Windows
2018-04-10 13:59:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-04-10 13:59:09 ----D---- C:\Windows\system32\Macromed
2018-04-09 12:59:52 ----D---- C:\Users\xxx\AppData\Roaming\RoboForex - MetaTrader 4
2018-04-08 16:46:29 ----D---- C:\Users\xxx\AppData\Roaming\Telegram Desktop
2018-04-08 08:21:31 ----D---- C:\Windows\Tasks
2018-04-07 12:33:00 ----RD---- C:\Program Files
2018-04-07 12:33:00 ----D---- C:\Users\xxx\AppData\Roaming\MetaQuotes
2018-04-06 18:21:26 ----A---- C:\Windows\GPInstall.exe
2018-04-05 13:46:03 ----D---- C:\Users\xxx\AppData\Roaming\Seznam.cz
2018-04-02 20:27:53 ----D---- C:\Program Files\Opera
2018-03-31 20:37:13 ----D---- C:\Windows\system32\Tasks
2018-03-31 20:20:40 ----D---- C:\Windows\system32\drivers
2018-03-31 09:22:16 ----D---- C:\Users\xxx\AppData\Roaming\fxgen
2018-03-23 19:39:16 ----D---- C:\Users\xxx\AppData\Roaming\uTorrent
2018-03-23 19:37:59 ----D---- C:\Program Files\Smart Application Controller
2018-03-23 19:37:32 ----D---- C:\ProgramData
2018-03-23 19:37:04 ----D---- C:\Program Files\Mail.Ru
2018-03-23 19:36:19 ----D---- C:\Program Files\hMailServer
2018-03-23 19:35:56 ----D---- C:\Program Files\Google
2018-03-23 19:23:46 ----D---- C:\Program Files\McAfee
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2017-08-15 157416]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2017-08-15 276736]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2017-08-15 50384]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-08-15 70840]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-08-15 296312]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-01-02 320120]
R0 videX32;videX32; C:\Windows\system32\DRIVERS\videX32.sys [2010-02-11 13976]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2017-08-15 267008]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-08-15 39752]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-08-15 99536]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-08-24 774320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-08-15 496976]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-08-24 123928]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-08-15 147688]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2015-11-05 117760]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2014-03-18 77080]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [2017-02-14 88448]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2016-12-25 5198336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-08-15 42824]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 DFX11_1;DFX Audio Enhancer 11.1; C:\Windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2017-03-30 4397056]
S3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\system32\drivers\WinRing0_1_2_0.sys []
S3 WinUsb;CMCC USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-08-15 263312]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2018-03-19 472856]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2015-01-10 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2015-01-10 103736]
R2 pSP2clnt;pSP2clnt; C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe [2016-06-05 406016]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WinSMTPService;Windows SMTP Service; C:\Program Files\WinSMTPServer\Windows SMTP Server\Service\WinSMTPServer.exe [2010-05-10 37888]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2017-08-15 5815840]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-07-14 107192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MlmDm;MlmDm; C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe MlmDm []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10 272384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-07-14 47288]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-13 647680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-10-14 104960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
S4 AppHostSvc;Pomocná služba hostitele aplikace; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 W3SVC;Služba Publikování na webu; C:\Windows\system32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
- Přílohy
-
- Minidump.7z
- (93 bajtů) Staženo 78 x
-
Rudy
- Site Admin
- Příspěvky: 118254
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir se znovu objeví při zapnutí PC
Aktualizace neprmažete, ty jsou nataženy v systému, zbyl po nich jen odinstalační soubor. Spíše přesuňte některá svá data na jiné úložiště, příp. odinstalujte nepoužívané aplikace. 52GB pro systémový disk v dnešní době je opravdu málo.
Jinak dvouklikem na soubor C:\Program Files\trend micro\xxx.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:
Jinak dvouklikem na soubor C:\Program Files\trend micro\xxx.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:
Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\xxx\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)
O9 - Extra button: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O9 - Extra 'Tools' menuitem: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - (no file)
O15 - Trusted Zone: http://*.webcompanion.com
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir se znovu objeví při zapnutí PC
Hotovo, provedeno... Myslíte že to už bude dobré?
Příště nebudu chodit na ruská fóra
A utorentu se taky vyhnu.
Příště nebudu chodit na ruská fóra
A utorentu se taky vyhnu.-
Rudy
- Site Admin
- Příspěvky: 118254
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir se znovu objeví při zapnutí PC
Ruským webům se pokud možno vyhýbejte. Většina je jich útočných. Torrenty také nesou bezpečné (některá zahraniční antivirová fóra vám dokonce odmítnou čištění PC, pokud zjistí torrentového klienta v systému). Myslím, že by to již mělo být OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?