All times are UTC + 1 hour


Posted: 19 May 2018 08:15
Exemplary visitor

Joined: 07 Oct 2006 17:56
Posts: 94
Hi,
I'm getting in touch again after some time..... :( my computer has been freezing terribly for the past week :roll:

I'd like to ask the pros to check the log, thank you very much
Rado

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2018-05-19 09:11:54
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 172 GB (36%) free of 477 GB
Total RAM: 4079 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:12:03, on 19.5.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17606)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE /EPT "EPLTarget\P0000000000000000" /M "L3050 Series"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE /EPT "EPLTarget\P0000000000000001" /M "L3050 Series"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE /EPT "EPLTarget\P0000000000000002" /M "L3050 Series"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(06) (EPSON_PM_RPCV4_06) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Heroes & Generals Service (HnGService) - Reto-Moto ApS - C:\Program Files (x86)\Heroes & Generals\live\hngservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10228 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\EscSvc64.exe
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe"
"C:\Program Files\TrueKey\McTkSchedulerService.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-04bb024f-13b9-4cd1-948c-ec4ccce4a6f2 -SystemEventPortName:HostProcess-5ad9dd62-e049-4e50-bfe0-9d6ee2430902 -IoCancelEventPortName:HostProcess-6d93a771-e4cf-4ea2-8e06-b60f0ee56742 -NonStateChangingEventPortName:HostProcess-8c821a93-c248-4c74-928c-cb743b9b1685 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:59149159-40ee-45a3-aee9-85be7b14a2aa -DeviceGroupId:WpdFsGroup
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\PROGRA~1\TrueKey\MC3D2D~1.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
AvastUI.exe /nogui
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000000" /M "L3050 Series"
"C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000001" /M "L3050 Series"
"C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000002" /M "L3050 Series"
"C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4092.0.1404999215\1946651135" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" "C:\Users\Admin\AppData\LocalLow\Mozilla\Temp-{613a3956-8c05-4d28-b594-36adafab6871}" 4092 "\\.\pipe\gecko-crash-server-pipe.4092" 1176 gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4092.3.1823577457\523217944" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4092 "\\.\pipe\gecko-crash-server-pipe.4092" 1284 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4092.12.964569753\1617500158" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4092 "\\.\pipe\gecko-crash-server-pipe.4092" 1728 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4092.20.1286667997\2012414187" -childID 3 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4092 "\\.\pipe\gecko-crash-server-pipe.4092" 2544 tab
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4092.27.1255786095\649240339" -childID 4 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4092 "\\.\pipe\gecko-crash-server-pipe.4092" 864 tab
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4092.34.1291282449\166181431" -childID 5 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4092 "\\.\pipe\gecko-crash-server-pipe.4092" 2892 tab
taskeng.exe {5C7EADC6-1FE6-4959-87E1-B7FCD9567B19}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

taskeng.exe {A98A44AB-038C-4BEC-8F42-020E62B5F9A9}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Admin\Desktop\RSITx64.exe"
taskhost.exe $(Arg0)
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\EPSON L3050 Series Update {2584AB98-4802-425E-A1E1-748945C59A64}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE /EXE:"{2584AB98-4802-425E-A1E1-748945C59A64}" /F:"Update"
C:\Windows\tasks\EPSON L3050 Series Update {30E340EF-E85B-4CCA-9919-35B8E566C305}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE /EXE:"{30E340EF-E85B-4CCA-9919-35B8E566C305}" /F:"Update"
C:\Windows\tasks\EPSON L3050 Series Update {6767D884-BE09-4DF8-A4AE-A61B2B4B71B4}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE /EXE:"{6767D884-BE09-4DF8-A4AE-A61B2B4B71B4}" /F:"Update"

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\is8dw8aj.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.171 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.20.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.20.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25 1429728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-28 551848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-18 958328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31 471536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-28 212904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25 1056992]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}]
E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-18 820672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-05 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - True Key - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25 1429728]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31 471536]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - True Key - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25 1056992]
{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-11-18 13370472]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-10-29 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-10-29 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-10-29 416024]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-18 242904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Google Update"=C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [2018-05-18 601680]
"EPLTarget\P0000000000000000"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [2014-11-14 417776]
"EPLTarget\P0000000000000001"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [2014-11-14 417776]
"EPLTarget\P0000000000000002"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [2014-11-14 417776]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2018-04-12 46214128]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-05-10 18334016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19 1160408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-10-29 392472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-10-29 167704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-10-29 416024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-11-18 13370472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-30 507776]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-30 507776]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"EEventManager"=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2016-11-18 1151872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-10-21 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
"C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-05-18 08:26:50 ----D---- C:\Users\Admin\AppData\Roaming\AVAST Software
2018-05-18 08:12:19 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2018-05-18 08:12:19 ----A---- C:\Windows\system32\drivers\aswStm.sys
2018-05-18 08:12:18 ----A---- C:\Windows\system32\drivers\aswSP.sys
2018-05-18 08:12:18 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2018-05-18 08:12:18 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2018-05-18 08:12:17 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2018-05-18 08:12:17 ----A---- C:\Windows\system32\drivers\aswArPot.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswbuniva.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswbloga.sys
2018-05-18 08:12:15 ----A---- C:\Windows\system32\drivers\aswbidsha.sys
2018-05-18 08:12:14 ----A---- C:\Windows\system32\drivers\aswHdsKe.sys
2018-05-18 08:12:14 ----A---- C:\Windows\system32\drivers\aswbidsdrivera.sys
2018-05-18 08:11:20 ----A---- C:\Windows\system32\aswBoot.exe
2018-05-18 08:11:16 ----D---- C:\Program Files\Common Files\AVAST Software
2018-05-18 08:02:26 ----D---- C:\Program Files\AVAST Software
2018-05-08 19:53:14 ----A---- C:\Windows\system32\win32k.sys
2018-05-08 19:53:08 ----A---- C:\Windows\system32\wuaueng.dll
2018-05-08 19:53:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-05-08 19:53:05 ----A---- C:\Windows\system32\wucltux.dll
2018-05-08 19:53:04 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2018-05-08 19:53:04 ----A---- C:\Windows\system32\drivers\srv.sys
2018-05-08 19:53:02 ----A---- C:\Windows\system32\oleaut32.dll
2018-05-08 19:53:00 ----A---- C:\Windows\system32\drivers\srv2.sys
2018-05-08 19:53:00 ----A---- C:\Windows\system32\comsvcs.dll
2018-05-08 19:52:59 ----A---- C:\Windows\system32\winload.exe
2018-05-08 19:52:57 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2018-05-08 19:52:57 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2018-05-08 19:52:57 ----A---- C:\Windows\system32\rpcss.dll
2018-05-08 19:52:56 ----A---- C:\Windows\system32\drivers\srvnet.sys
2018-05-08 19:52:56 ----A---- C:\Windows\system32\clfs.sys
2018-05-08 19:52:55 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-05-08 19:52:55 ----A---- C:\Windows\system32\wudriver.dll
2018-05-08 19:52:55 ----A---- C:\Windows\system32\TSpkg.dll
2018-05-08 19:52:55 ----A---- C:\Windows\system32\srvsvc.dll
2018-05-08 19:52:55 ----A---- C:\Windows\system32\catsrvut.dll
2018-05-08 19:52:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2018-05-08 19:52:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-05-08 19:52:54 ----A---- C:\Windows\system32\itss.dll
2018-05-08 19:52:53 ----A---- C:\Windows\SYSWOW64\itss.dll
2018-05-08 19:52:50 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2018-05-08 19:52:48 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-05-08 19:52:48 ----A---- C:\Windows\system32\hal.dll
2018-05-08 19:51:44 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-05-08 19:51:43 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2018-05-08 19:51:43 ----A---- C:\Windows\SYSWOW64\itircl.dll
2018-05-08 19:51:42 ----A---- C:\Windows\system32\ntdll.dll
2018-05-08 19:51:39 ----A---- C:\Windows\system32\itircl.dll
2018-05-08 19:51:38 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\sscore.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\ole32.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\hhsetup.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\hh.exe
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\wups2.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\wups.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\sscore.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\ole32.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\lsasrv.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\hhsetup.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\comcat.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\certcli.dll
2018-05-08 19:51:36 ----A---- C:\Windows\hh.exe
2018-05-08 19:51:35 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-05-08 19:51:35 ----A---- C:\Windows\SYSWOW64\comcat.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\wuwebv.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\wuapi.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\smss.exe
2018-05-08 19:51:35 ----A---- C:\Windows\system32\rpcrt4.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\kernel32.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\kerberos.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-05-08 19:51:35 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-05-08 19:51:35 ----A---- C:\Windows\system32\advapi32.dll
2018-05-08 19:51:34 ----A---- C:\Windows\system32\schannel.dll
2018-05-08 19:51:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-05-08 19:51:33 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\winsrv.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\ncrypt.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\msv1_0.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\KernelBase.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wuauclt.exe
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wow64win.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wow64.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\WinSetupUI.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wdigest.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\sspisrv.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\sspicli.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\srcore.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\rpchttp.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\lsass.exe
2018-05-08 19:51:32 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-05-08 19:51:32 ----A---- C:\Windows\system32\drivers\appid.sys
2018-05-08 19:51:32 ----A---- C:\Windows\system32\csrsrv.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\cryptbase.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\conhost.exe
2018-05-08 19:51:32 ----A---- C:\Windows\system32\bcrypt.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\wups.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\oleres.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\wuapp.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\wow64cpu.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\srclient.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\secur32.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\rstrui.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\oleres.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\ntvdm64.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\credssp.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\auditpol.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\appidsvc.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\appidapi.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-05-08 19:51:30 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\user.exe
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\tzres.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\tzres.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\msobjs.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\msaudite.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\apisetschema.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\adtschema.dll
2018-05-03 09:42:34 ----D---- C:\Záloha ProFact

======List of files/folders modified in the last 1 month======

2018-05-19 09:11:58 ----D---- C:\Windows\Temp
2018-05-19 09:11:58 ----D---- C:\Program Files\trend micro
2018-05-19 09:11:51 ----D---- C:\Windows\Prefetch
2018-05-19 05:44:34 ----D---- C:\Windows\system32\config
2018-05-19 00:03:45 ----A---- C:\Windows\SYSWOW64\log.txt
2018-05-18 17:07:51 ----D---- C:\Program Files (x86)\ProFact
2018-05-18 16:34:09 ----D---- C:\Windows
2018-05-18 16:33:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-18 16:33:51 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-05-18 16:33:50 ----D---- C:\Windows\winsxs
2018-05-18 10:38:46 ----D---- C:\ProgramData\AVAST Software
2018-05-18 08:35:29 ----D---- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
2018-05-18 08:35:29 ----D---- C:\Program Files (x86)\TeamViewer
2018-05-18 08:34:51 ----D---- C:\Windows\Logs
2018-05-18 08:34:51 ----D---- C:\Windows\inf
2018-05-18 08:34:50 ----D---- C:\Windows\Minidump
2018-05-18 08:34:50 ----D---- C:\Windows\debug
2018-05-18 08:12:46 ----D---- C:\Windows\system32\Tasks
2018-05-18 08:12:19 ----D---- C:\Windows\system32\drivers
2018-05-18 08:11:20 ----D---- C:\Windows\System32
2018-05-18 08:11:16 ----D---- C:\Program Files\Common Files
2018-05-18 08:02:26 ----D---- C:\Program Files
2018-05-18 08:01:59 ----D---- C:\Program Files\CCleaner
2018-05-17 05:36:03 ----SHD---- C:\Windows\Installer
2018-05-17 05:31:03 ----RD---- C:\Program Files (x86)
2018-05-15 19:41:17 ----SHD---- C:\System Volume Information
2018-05-09 22:57:54 ----D---- C:\Windows\rescache
2018-05-09 09:51:27 ----D---- C:\Windows\Microsoft.NET
2018-05-09 09:47:16 ----RSD---- C:\Windows\assembly
2018-05-09 08:12:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-05-09 08:03:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-05-09 08:02:59 ----D---- C:\Windows\SysWOW64
2018-05-09 08:02:57 ----D---- C:\Windows\system32\drivers\en-US
2018-05-09 08:02:57 ----D---- C:\Windows\system32\cs-CZ
2018-05-09 08:02:56 ----D---- C:\Windows\system32\en-US
2018-05-09 08:02:53 ----D---- C:\Windows\AppPatch
2018-05-09 08:02:52 ----D---- C:\Windows\system32\Boot
2018-05-09 01:18:57 ----D---- C:\Windows\system32\MRT
2018-05-09 01:13:09 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-05-09 01:12:53 ----AC---- C:\Windows\system32\MRT.exe
2018-05-09 01:12:07 ----D---- C:\Windows\system32\catroot2
2018-05-09 01:09:15 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-05-08 19:58:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-05-08 19:58:37 ----D---- C:\Windows\system32\Macromed
2018-05-08 19:58:35 ----D---- C:\Windows\SYSWOW64\Macromed
2018-04-25 12:32:05 ----D---- C:\Program Files (x86)\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-18 85968]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-12-25 381440]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-18 234560]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-18 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-25 283064]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-08-12 231376]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-18 159120]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-29 11658752]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-03-29 581120]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-08-17 57088]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-08-17 80384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-11-22 2955496]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-04-29 32768]
S3 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-18 196640]
S3 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-18 227504]
S3 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-18 199440]
S3 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-18 343752]
S3 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-18 57680]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-18 46968]
S3 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-18 111360]
S3 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-18 1027720]
S3 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-18 205976]
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-18 381552]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-10-21 12310112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RHDISK_AMD64;RHDISK_AMD64; \??\F:\_rohos\RHDISK_AMD64.SYS []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-03-29 241152]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-18 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [2013-04-15 152640]
R2 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc64.exe [2017-03-10 145224]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-01-08 66872]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2018-03-01 10803440]
R2 TrueKey;Intel Security True Key; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2018-03-29 1001920]
R2 TrueKeyScheduler;Intel Security True Key Scheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [2018-03-29 16928]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-04 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-03 128608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-05-23 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-18 7620096]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11 144200]
S3 HnGService;Heroes & Generals Service; C:\Program Files (x86)\Heroes & Generals\live\hngservice.exe [2018-03-15 777000]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-05-18 194512]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2018-03-29 87760]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-11 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-10-03 52832]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

-----------------EOF-----------------


Posted: 19 May 2018 10:18
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 106206
Location: Plzeň
Hello!
Run this utility:

Quote:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Posted: 21 May 2018 07:50
Model visitor

Joined: 07 Oct 2006 17:56
Posts: 94
good morning :)

here is the result.

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-18.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-21-2018
# Duration: 00:00:03
# OS: Windows 7 Professional
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\GotClip Downloader

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Posted: 21 May 2018 12:18
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 106206
Location: Plzeň
Post a new RSIT log.



Posted: 21 May 2018 14:54
Model visitor

Joined: 07 Oct 2006 17:56
Posts: 94
Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2018-05-21 15:53:48
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 171 GB (36%) free of 477 GB
Total RAM: 4079 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:54, on 21.5.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17606)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE /EPT "EPLTarget\P0000000000000000" /M "L3050 Series"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE /EPT "EPLTarget\P0000000000000001" /M "L3050 Series"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE /EPT "EPLTarget\P0000000000000002" /M "L3050 Series"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(06) (EPSON_PM_RPCV4_06) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Heroes & Generals Service (HnGService) - Reto-Moto ApS - C:\Program Files (x86)\Heroes & Generals\live\hngservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10291 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
taskeng.exe {85FA48D6-FC65-402A-A38F-87F982DF1C5A}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\EscSvc64.exe
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe"
"C:\Program Files\TrueKey\McTkSchedulerService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ba60963f-1494-44f5-a7b0-fa574b5588ac -SystemEventPortName:HostProcess-1247b491-06d1-4bf3-a05a-adcbf2aa4449 -IoCancelEventPortName:HostProcess-83290bae-4ff4-4335-9e05-f4671f060f26 -NonStateChangingEventPortName:HostProcess-da8d1371-8b02-4ceb-a384-8480f2934375 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f97948fb-047f-47d7-b1dd-234a20f91998 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\PROGRA~1\TrueKey\MC3D2D~1.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000000" /M "L3050 Series"
"C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000001" /M "L3050 Series"
"C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000002" /M "L3050 Series"
"C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe"
taskeng.exe {F52A14EA-BECE-4BE8-99EA-859FB4236F7F}
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
AvastUI.exe /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:10.0 /MODE:2
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical

taskeng.exe {7E66BE12-5294-4128-8697-35AB2FDF7E31}
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Admin\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\EPSON L3050 Series Update {2584AB98-4802-425E-A1E1-748945C59A64}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE /EXE:"{2584AB98-4802-425E-A1E1-748945C59A64}" /F:"Update"
C:\Windows\tasks\EPSON L3050 Series Update {30E340EF-E85B-4CCA-9919-35B8E566C305}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE /EXE:"{30E340EF-E85B-4CCA-9919-35B8E566C305}" /F:"Update"
C:\Windows\tasks\EPSON L3050 Series Update {6767D884-BE09-4DF8-A4AE-A61B2B4B71B4}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE /EXE:"{6767D884-BE09-4DF8-A4AE-A61B2B4B71B4}" /F:"Update"

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\is8dw8aj.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.171 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.20.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.20.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25 1429728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-28 551848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-18 958328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31 471536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-28 212904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25 1056992]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}]
E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-18 820672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-05 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - True Key - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25 1429728]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31 471536]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - True Key - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25 1056992]
{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-11-18 13370472]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-10-29 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-10-29 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-10-29 416024]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-18 242904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Google Update"=C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [2018-05-18 601680]
"EPLTarget\P0000000000000000"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [2014-11-14 417776]
"EPLTarget\P0000000000000001"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [2014-11-14 417776]
"EPLTarget\P0000000000000002"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [2014-11-14 417776]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2018-04-12 46214128]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-05-10 18334016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19 1160408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-10-29 392472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-10-29 167704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-10-29 416024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-11-18 13370472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-30 507776]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-30 507776]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"EEventManager"=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2016-11-18 1151872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-10-21 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
"C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-05-18 08:26:50 ----D---- C:\Users\Admin\AppData\Roaming\AVAST Software
2018-05-18 08:12:19 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2018-05-18 08:12:19 ----A---- C:\Windows\system32\drivers\aswStm.sys
2018-05-18 08:12:18 ----A---- C:\Windows\system32\drivers\aswSP.sys
2018-05-18 08:12:18 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2018-05-18 08:12:18 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2018-05-18 08:12:17 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2018-05-18 08:12:17 ----A---- C:\Windows\system32\drivers\aswArPot.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswbuniva.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswbloga.sys
2018-05-18 08:12:15 ----A---- C:\Windows\system32\drivers\aswbidsha.sys
2018-05-18 08:12:14 ----A---- C:\Windows\system32\drivers\aswHdsKe.sys
2018-05-18 08:12:14 ----A---- C:\Windows\system32\drivers\aswbidsdrivera.sys
2018-05-18 08:11:20 ----A---- C:\Windows\system32\aswBoot.exe
2018-05-18 08:11:16 ----D---- C:\Program Files\Common Files\AVAST Software
2018-05-18 08:02:26 ----D---- C:\Program Files\AVAST Software
2018-05-08 19:53:14 ----A---- C:\Windows\system32\win32k.sys
2018-05-08 19:53:08 ----A---- C:\Windows\system32\wuaueng.dll
2018-05-08 19:53:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-05-08 19:53:05 ----A---- C:\Windows\system32\wucltux.dll
2018-05-08 19:53:04 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2018-05-08 19:53:04 ----A---- C:\Windows\system32\drivers\srv.sys
2018-05-08 19:53:02 ----A---- C:\Windows\system32\oleaut32.dll
2018-05-08 19:53:00 ----A---- C:\Windows\system32\drivers\srv2.sys
2018-05-08 19:53:00 ----A---- C:\Windows\system32\comsvcs.dll
2018-05-08 19:52:59 ----A---- C:\Windows\system32\winload.exe
2018-05-08 19:52:57 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2018-05-08 19:52:57 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2018-05-08 19:52:57 ----A---- C:\Windows\system32\rpcss.dll
2018-05-08 19:52:56 ----A---- C:\Windows\system32\drivers\srvnet.sys
2018-05-08 19:52:56 ----A---- C:\Windows\system32\clfs.sys
2018-05-08 19:52:55 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-05-08 19:52:55 ----A---- C:\Windows\system32\wudriver.dll
2018-05-08 19:52:55 ----A---- C:\Windows\system32\TSpkg.dll
2018-05-08 19:52:55 ----A---- C:\Windows\system32\srvsvc.dll
2018-05-08 19:52:55 ----A---- C:\Windows\system32\catsrvut.dll
2018-05-08 19:52:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2018-05-08 19:52:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-05-08 19:52:54 ----A---- C:\Windows\system32\itss.dll
2018-05-08 19:52:53 ----A---- C:\Windows\SYSWOW64\itss.dll
2018-05-08 19:52:50 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2018-05-08 19:52:48 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-05-08 19:52:48 ----A---- C:\Windows\system32\hal.dll
2018-05-08 19:51:44 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-05-08 19:51:43 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2018-05-08 19:51:43 ----A---- C:\Windows\SYSWOW64\itircl.dll
2018-05-08 19:51:42 ----A---- C:\Windows\system32\ntdll.dll
2018-05-08 19:51:39 ----A---- C:\Windows\system32\itircl.dll
2018-05-08 19:51:38 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\sscore.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\ole32.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\hhsetup.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\hh.exe
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\wups2.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\wups.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\sscore.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\ole32.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\lsasrv.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\hhsetup.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\comcat.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\certcli.dll
2018-05-08 19:51:36 ----A---- C:\Windows\hh.exe
2018-05-08 19:51:35 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-05-08 19:51:35 ----A---- C:\Windows\SYSWOW64\comcat.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\wuwebv.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\wuapi.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\smss.exe
2018-05-08 19:51:35 ----A---- C:\Windows\system32\rpcrt4.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\kernel32.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\kerberos.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-05-08 19:51:35 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-05-08 19:51:35 ----A---- C:\Windows\system32\advapi32.dll
2018-05-08 19:51:34 ----A---- C:\Windows\system32\schannel.dll
2018-05-08 19:51:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-05-08 19:51:33 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\winsrv.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\ncrypt.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\msv1_0.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\KernelBase.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wuauclt.exe
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wow64win.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wow64.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\WinSetupUI.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wdigest.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\sspisrv.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\sspicli.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\srcore.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\rpchttp.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\lsass.exe
2018-05-08 19:51:32 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-05-08 19:51:32 ----A---- C:\Windows\system32\drivers\appid.sys
2018-05-08 19:51:32 ----A---- C:\Windows\system32\csrsrv.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\cryptbase.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\conhost.exe
2018-05-08 19:51:32 ----A---- C:\Windows\system32\bcrypt.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\wups.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\oleres.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\wuapp.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\wow64cpu.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\srclient.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\secur32.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\rstrui.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\oleres.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\ntvdm64.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\credssp.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\auditpol.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\appidsvc.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\appidapi.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-05-08 19:51:30 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\user.exe
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\tzres.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\tzres.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\msobjs.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\msaudite.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\apisetschema.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\adtschema.dll
2018-05-03 09:42:34 ----D---- C:\Záloha ProFact

======List of files/folders modified in the last 1 month======

2018-05-21 15:53:54 ----D---- C:\Windows\Prefetch
2018-05-21 15:53:51 ----D---- C:\Program Files\trend micro
2018-05-21 15:53:50 ----D---- C:\Windows\Temp
2018-05-21 15:52:27 ----D---- C:\Program Files (x86)\ProFact
2018-05-21 15:43:41 ----A---- C:\Windows\SYSWOW64\log.txt
2018-05-21 08:45:13 ----D---- C:\Windows\system32\Tasks
2018-05-21 08:43:01 ----D---- C:\Windows\system32\config
2018-05-21 08:42:19 ----D---- C:\AdwCleaner
2018-05-20 00:12:54 ----SHD---- C:\System Volume Information
2018-05-18 16:34:09 ----D---- C:\Windows
2018-05-18 16:33:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-18 16:33:51 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-05-18 16:33:50 ----D---- C:\Windows\winsxs
2018-05-18 10:38:46 ----D---- C:\ProgramData\AVAST Software
2018-05-18 08:35:29 ----D---- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
2018-05-18 08:35:29 ----D---- C:\Program Files (x86)\TeamViewer
2018-05-18 08:34:51 ----D---- C:\Windows\Logs
2018-05-18 08:34:51 ----D---- C:\Windows\inf
2018-05-18 08:34:50 ----D---- C:\Windows\Minidump
2018-05-18 08:34:50 ----D---- C:\Windows\debug
2018-05-18 08:12:19 ----D---- C:\Windows\system32\drivers
2018-05-18 08:11:20 ----D---- C:\Windows\System32
2018-05-18 08:11:16 ----D---- C:\Program Files\Common Files
2018-05-18 08:02:26 ----D---- C:\Program Files
2018-05-18 08:01:59 ----D---- C:\Program Files\CCleaner
2018-05-17 05:36:03 ----SHD---- C:\Windows\Installer
2018-05-17 05:31:03 ----RD---- C:\Program Files (x86)
2018-05-09 22:57:54 ----D---- C:\Windows\rescache
2018-05-09 09:51:27 ----D---- C:\Windows\Microsoft.NET
2018-05-09 09:47:16 ----RSD---- C:\Windows\assembly
2018-05-09 08:12:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-05-09 08:03:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-05-09 08:02:59 ----D---- C:\Windows\SysWOW64
2018-05-09 08:02:57 ----D---- C:\Windows\system32\drivers\en-US
2018-05-09 08:02:57 ----D---- C:\Windows\system32\cs-CZ
2018-05-09 08:02:56 ----D---- C:\Windows\system32\en-US
2018-05-09 08:02:53 ----D---- C:\Windows\AppPatch
2018-05-09 08:02:52 ----D---- C:\Windows\system32\Boot
2018-05-09 01:18:57 ----D---- C:\Windows\system32\MRT
2018-05-09 01:13:09 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-05-09 01:12:53 ----AC---- C:\Windows\system32\MRT.exe
2018-05-09 01:12:07 ----D---- C:\Windows\system32\catroot2
2018-05-09 01:09:15 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-05-08 19:58:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-05-08 19:58:37 ----D---- C:\Windows\system32\Macromed
2018-05-08 19:58:35 ----D---- C:\Windows\SYSWOW64\Macromed
2018-04-25 12:32:05 ----D---- C:\Program Files (x86)\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-18 85968]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-12-25 381440]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-18 234560]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-18 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-25 283064]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-08-12 231376]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-18 159120]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-29 11658752]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-03-29 581120]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-08-17 57088]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-08-17 80384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-11-22 2955496]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-04-29 32768]
S3 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-18 196640]
S3 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-18 227504]
S3 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-18 199440]
S3 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-18 343752]
S3 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-18 57680]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-18 46968]
S3 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-18 111360]
S3 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-18 1027720]
S3 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-18 205976]
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-18 381552]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-10-21 12310112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RHDISK_AMD64;RHDISK_AMD64; \??\F:\_rohos\RHDISK_AMD64.SYS []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-03-29 241152]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-18 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [2013-04-15 152640]
R2 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc64.exe [2017-03-10 145224]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-01-08 66872]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2018-03-01 10803440]
R2 TrueKey;Intel Security True Key; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2018-03-29 1001920]
R2 TrueKeyScheduler;Intel Security True Key Scheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [2018-03-29 16928]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-04 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-03 128608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-05-23 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-18 7620096]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11 144200]
S3 HnGService;Heroes & Generals Service; C:\Program Files (x86)\Heroes & Generals\live\hngservice.exe [2018-03-15 777000]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-05-18 194512]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2018-03-29 87760]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-11 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-10-03 52832]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

-----------------EOF-----------------


Posted: 21 May 2018 17:12
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 106206
Location: Plzeň
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:

Quote:
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]/64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]/64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]


and click >MoveIt!<. Disable your antivirus before the scan and restart the PC after it. Post a new RSIT log.

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Posted: 21 May 2018 17:54
Exemplary visitor

Joined: 07 Oct 2006 17:56
Posts: 94
OTM output

All processes killed
========== REGISTRY ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 129760739 bytes
->Temporary Internet Files folder emptied: 752931 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 389497348 bytes
->Google Chrome cache emptied: 33227508 bytes
->Flash cache emptied: 2177 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3021040 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 19682 bytes

Total Files Cleaned = 531,00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 05212018_184217

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvLock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Posted: 21 May 2018 17:55
Exemplary visitor

Joined: 07 Oct 2006 17:56
Posts: 94
RSIT output

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2018-05-21 18:54:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 171 GB (36%) free of 477 GB
Total RAM: 4079 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:53, on 21.5.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17606)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE /EPT "EPLTarget\P0000000000000000" /M "L3050 Series"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE /EPT "EPLTarget\P0000000000000001" /M "L3050 Series"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE /EPT "EPLTarget\P0000000000000002" /M "L3050 Series"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(06) (EPSON_PM_RPCV4_06) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Heroes & Generals Service (HnGService) - Reto-Moto ApS - C:\Program Files (x86)\Heroes & Generals\live\hngservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9926 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
taskeng.exe {1A3BA608-7169-4E74-BC3C-CD7285E06ACE}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\EscSvc64.exe
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe"
"C:\Program Files\TrueKey\McTkSchedulerService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
taskeng.exe {8E6BBE13-2842-4C25-9EF9-3A6DAD39D885}
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-39d2fbb3-49d1-47e4-9229-742ca8971c5c -SystemEventPortName:HostProcess-d43f2f13-b725-464f-b22c-c5285de7b9b6 -IoCancelEventPortName:HostProcess-b0b0ec66-d3d3-4142-a30a-84e651c4e60b -NonStateChangingEventPortName:HostProcess-4acde8f4-1c73-4250-9dc6-0fd30b7e3cef -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:041c0c3c-614b-49cf-bb72-c5ef473db719 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000000" /M "L3050 Series"
"C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000001" /M "L3050 Series"
"C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000002" /M "L3050 Series"
"C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe"
AvastUI.exe /nogui
taskeng.exe {69247350-8A82-4176-981D-EBFE6B45F0E6}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4640.0.1264038202\1772482564" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" "C:\Users\Admin\AppData\LocalLow\Mozilla\Temp-{613a3956-8c05-4d28-b594-36adafab6871}" 4640 "\\.\pipe\gecko-crash-server-pipe.4640" 1112 gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4640.3.572138880\331419717" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4640 "\\.\pipe\gecko-crash-server-pipe.4640" 1596 tab
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4640.13.1662874075\308443624" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4640 "\\.\pipe\gecko-crash-server-pipe.4640" 2308 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4640.20.514304248\2004560005" -childID 3 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4640 "\\.\pipe\gecko-crash-server-pipe.4640" 2816 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4640.27.1149305314\999528316" -childID 4 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4640 "\\.\pipe\gecko-crash-server-pipe.4640" 3376 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4640.34.74917448\470482558" -childID 5 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{613a3956-8c05-4d28-b594-36adafab6871}| -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4640 "\\.\pipe\gecko-crash-server-pipe.4640" 2792 tab
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-652216218-743393155-1199561642-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-652216218-743393155-1199561642-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Admin\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\EPSON L3050 Series Update {2584AB98-4802-425E-A1E1-748945C59A64}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE /EXE:"{2584AB98-4802-425E-A1E1-748945C59A64}" /F:"Update"
C:\Windows\tasks\EPSON L3050 Series Update {30E340EF-E85B-4CCA-9919-35B8E566C305}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE /EXE:"{30E340EF-E85B-4CCA-9919-35B8E566C305}" /F:"Update"
C:\Windows\tasks\EPSON L3050 Series Update {6767D884-BE09-4DF8-A4AE-A61B2B4B71B4}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE /EXE:"{6767D884-BE09-4DF8-A4AE-A61B2B4B71B4}" /F:"Update"

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\is8dw8aj.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.171 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.20.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.20.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25 1429728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-28 551848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-18 958328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31 471536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-28 212904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25 1056992]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}]
E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-18 820672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-05 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - True Key - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25 1056992]
{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-11-18 13370472]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-10-29 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-10-29 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-10-29 416024]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-18 242904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Google Update"=C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [2018-05-18 601680]
"EPLTarget\P0000000000000000"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [2014-11-14 417776]
"EPLTarget\P0000000000000001"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [2014-11-14 417776]
"EPLTarget\P0000000000000002"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [2014-11-14 417776]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2018-04-12 46214128]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-05-10 18334016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19 1160408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-10-29 392472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-10-29 167704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-10-29 416024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-11-18 13370472]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"EEventManager"=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2016-11-18 1151872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-10-21 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
"C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-05-18 08:26:50 ----D---- C:\Users\Admin\AppData\Roaming\AVAST Software
2018-05-18 08:12:19 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2018-05-18 08:12:19 ----A---- C:\Windows\system32\drivers\aswStm.sys
2018-05-18 08:12:18 ----A---- C:\Windows\system32\drivers\aswSP.sys
2018-05-18 08:12:18 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2018-05-18 08:12:18 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2018-05-18 08:12:17 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2018-05-18 08:12:17 ----A---- C:\Windows\system32\drivers\aswArPot.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswbuniva.sys
2018-05-18 08:12:16 ----A---- C:\Windows\system32\drivers\aswbloga.sys
2018-05-18 08:12:15 ----A---- C:\Windows\system32\drivers\aswbidsha.sys
2018-05-18 08:12:14 ----A---- C:\Windows\system32\drivers\aswHdsKe.sys
2018-05-18 08:12:14 ----A---- C:\Windows\system32\drivers\aswbidsdrivera.sys
2018-05-18 08:11:20 ----A---- C:\Windows\system32\aswBoot.exe
2018-05-18 08:11:16 ----D---- C:\Program Files\Common Files\AVAST Software
2018-05-18 08:02:26 ----D---- C:\Program Files\AVAST Software
2018-05-08 19:53:14 ----A---- C:\Windows\system32\win32k.sys
2018-05-08 19:53:08 ----A---- C:\Windows\system32\wuaueng.dll
2018-05-08 19:53:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-05-08 19:53:05 ----A---- C:\Windows\system32\wucltux.dll
2018-05-08 19:53:04 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2018-05-08 19:53:04 ----A---- C:\Windows\system32\drivers\srv.sys
2018-05-08 19:53:02 ----A---- C:\Windows\system32\oleaut32.dll
2018-05-08 19:53:00 ----A---- C:\Windows\system32\drivers\srv2.sys
2018-05-08 19:53:00 ----A---- C:\Windows\system32\comsvcs.dll
2018-05-08 19:52:59 ----A---- C:\Windows\system32\winload.exe
2018-05-08 19:52:57 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2018-05-08 19:52:57 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2018-05-08 19:52:57 ----A---- C:\Windows\system32\rpcss.dll
2018-05-08 19:52:56 ----A---- C:\Windows\system32\drivers\srvnet.sys
2018-05-08 19:52:56 ----A---- C:\Windows\system32\clfs.sys
2018-05-08 19:52:55 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-05-08 19:52:55 ----A---- C:\Windows\system32\wudriver.dll
2018-05-08 19:52:55 ----A---- C:\Windows\system32\TSpkg.dll
2018-05-08 19:52:55 ----A---- C:\Windows\system32\srvsvc.dll
2018-05-08 19:52:55 ----A---- C:\Windows\system32\catsrvut.dll
2018-05-08 19:52:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2018-05-08 19:52:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-05-08 19:52:54 ----A---- C:\Windows\system32\itss.dll
2018-05-08 19:52:53 ----A---- C:\Windows\SYSWOW64\itss.dll
2018-05-08 19:52:50 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2018-05-08 19:52:48 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-05-08 19:52:48 ----A---- C:\Windows\system32\hal.dll
2018-05-08 19:51:44 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-05-08 19:51:43 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2018-05-08 19:51:43 ----A---- C:\Windows\SYSWOW64\itircl.dll
2018-05-08 19:51:42 ----A---- C:\Windows\system32\ntdll.dll
2018-05-08 19:51:39 ----A---- C:\Windows\system32\itircl.dll
2018-05-08 19:51:38 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\sscore.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\ole32.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\hhsetup.dll
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\hh.exe
2018-05-08 19:51:36 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\wups2.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\wups.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\sscore.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\ole32.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\lsasrv.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\hhsetup.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\comcat.dll
2018-05-08 19:51:36 ----A---- C:\Windows\system32\certcli.dll
2018-05-08 19:51:36 ----A---- C:\Windows\hh.exe
2018-05-08 19:51:35 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-05-08 19:51:35 ----A---- C:\Windows\SYSWOW64\comcat.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\wuwebv.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\wuapi.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\smss.exe
2018-05-08 19:51:35 ----A---- C:\Windows\system32\rpcrt4.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\kernel32.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\kerberos.dll
2018-05-08 19:51:35 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-05-08 19:51:35 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-05-08 19:51:35 ----A---- C:\Windows\system32\advapi32.dll
2018-05-08 19:51:34 ----A---- C:\Windows\system32\schannel.dll
2018-05-08 19:51:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-05-08 19:51:33 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\winsrv.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\ncrypt.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\msv1_0.dll
2018-05-08 19:51:33 ----A---- C:\Windows\system32\KernelBase.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-05-08 19:51:32 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wuauclt.exe
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wow64win.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wow64.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\WinSetupUI.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\wdigest.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\sspisrv.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\sspicli.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\srcore.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\rpchttp.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\lsass.exe
2018-05-08 19:51:32 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-05-08 19:51:32 ----A---- C:\Windows\system32\drivers\appid.sys
2018-05-08 19:51:32 ----A---- C:\Windows\system32\csrsrv.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\cryptbase.dll
2018-05-08 19:51:32 ----A---- C:\Windows\system32\conhost.exe
2018-05-08 19:51:32 ----A---- C:\Windows\system32\bcrypt.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\wups.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\oleres.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-05-08 19:51:31 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\wuapp.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\wow64cpu.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\srclient.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\secur32.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\rstrui.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\oleres.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\ntvdm64.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\credssp.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\auditpol.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\appidsvc.dll
2018-05-08 19:51:31 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-05-08 19:51:31 ----A---- C:\Windows\system32\appidapi.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-08 19:51:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-05-08 19:51:30 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-05-08 19:51:30 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\user.exe
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\tzres.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-05-08 19:51:29 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\tzres.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\msobjs.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\msaudite.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\apisetschema.dll
2018-05-08 19:51:29 ----A---- C:\Windows\system32\adtschema.dll
2018-05-03 09:42:34 ----D---- C:\Záloha ProFact

======List of files/folders modified in the last 1 month======

2018-05-21 18:54:50 ----D---- C:\Program Files\trend micro
2018-05-21 18:54:43 ----D---- C:\Windows\Temp
2018-05-21 18:52:36 ----A---- C:\Windows\SYSWOW64\log.txt
2018-05-21 18:51:02 ----D---- C:\Windows\Prefetch
2018-05-21 18:48:17 ----D---- C:\Windows\system32\config
2018-05-21 18:47:48 ----D---- C:\Windows
2018-05-21 17:05:44 ----D---- C:\Program Files (x86)\TeamViewer
2018-05-21 15:52:27 ----D---- C:\Program Files (x86)\ProFact
2018-05-21 08:45:13 ----D---- C:\Windows\system32\Tasks
2018-05-21 08:42:19 ----D---- C:\AdwCleaner
2018-05-20 00:12:54 ----SHD---- C:\System Volume Information
2018-05-18 16:33:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-18 16:33:51 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-05-18 16:33:50 ----D---- C:\Windows\winsxs
2018-05-18 10:38:46 ----D---- C:\ProgramData\AVAST Software
2018-05-18 08:35:29 ----D---- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
2018-05-18 08:34:51 ----D---- C:\Windows\Logs
2018-05-18 08:34:51 ----D---- C:\Windows\inf
2018-05-18 08:34:50 ----D---- C:\Windows\Minidump
2018-05-18 08:34:50 ----D---- C:\Windows\debug
2018-05-18 08:12:19 ----D---- C:\Windows\system32\drivers
2018-05-18 08:11:20 ----D---- C:\Windows\System32
2018-05-18 08:11:16 ----D---- C:\Program Files\Common Files
2018-05-18 08:02:26 ----D---- C:\Program Files
2018-05-18 08:01:59 ----D---- C:\Program Files\CCleaner
2018-05-17 05:36:03 ----SHD---- C:\Windows\Installer
2018-05-17 05:31:03 ----RD---- C:\Program Files (x86)
2018-05-09 22:57:54 ----D---- C:\Windows\rescache
2018-05-09 09:51:27 ----D---- C:\Windows\Microsoft.NET
2018-05-09 09:47:16 ----RSD---- C:\Windows\assembly
2018-05-09 08:12:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-05-09 08:03:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-05-09 08:02:59 ----D---- C:\Windows\SysWOW64
2018-05-09 08:02:57 ----D---- C:\Windows\system32\drivers\en-US
2018-05-09 08:02:57 ----D---- C:\Windows\system32\cs-CZ
2018-05-09 08:02:56 ----D---- C:\Windows\system32\en-US
2018-05-09 08:02:53 ----D---- C:\Windows\AppPatch
2018-05-09 08:02:52 ----D---- C:\Windows\system32\Boot
2018-05-09 01:18:57 ----D---- C:\Windows\system32\MRT
2018-05-09 01:13:09 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-05-09 01:12:53 ----AC---- C:\Windows\system32\MRT.exe
2018-05-09 01:12:07 ----D---- C:\Windows\system32\catroot2
2018-05-09 01:09:15 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-05-08 19:58:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-05-08 19:58:37 ----D---- C:\Windows\system32\Macromed
2018-05-08 19:58:35 ----D---- C:\Windows\SYSWOW64\Macromed
2018-04-25 12:32:05 ----D---- C:\Program Files (x86)\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-18 85968]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-12-25 381440]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-18 234560]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-18 460520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-25 283064]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-08-12 231376]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-18 159120]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-29 11658752]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-03-29 581120]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-08-17 57088]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-08-17 80384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-11-22 2955496]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-04-29 32768]
S3 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-18 196640]
S3 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-05-18 227504]
S3 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-05-18 199440]
S3 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-05-18 343752]
S3 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-05-18 57680]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-18 46968]
S3 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-18 111360]
S3 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-18 1027720]
S3 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-18 205976]
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-18 381552]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-10-21 12310112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RHDISK_AMD64;RHDISK_AMD64; \??\F:\_rohos\RHDISK_AMD64.SYS []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-03-29 241152]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-18 317280]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [2013-04-15 152640]
R2 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc64.exe [2017-03-10 145224]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-01-08 66872]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2018-03-01 10803440]
R2 TrueKey;Intel Security True Key; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2018-03-29 1001920]
R2 TrueKeyScheduler;Intel Security True Key Scheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [2018-03-29 16928]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-04 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-03 128608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-05-23 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-18 7620096]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11 144200]
S3 HnGService;Heroes & Generals Service; C:\Program Files (x86)\Heroes & Generals\live\hngservice.exe [2018-03-15 777000]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-05-18 194512]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2018-03-29 87760]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-11 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-10-03 52832]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

-----------------EOF-----------------


Posted: 21 May 2018 17:58
Offline
Model visitor

Joined: 07 Oct 2006 17:56
Posts: 94
When I was turning off Microsoft Security Essentials before the scan, I noticed there was some trojan in quarantine, so I deleted it.
Also, as I can see, the free Avast antivirus got installed here along with something..... which one should I keep, please?
Or any other tip for an AV?

Thanks
RK.


Posted: 21 May 2018 18:03
Offline
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 106206
Location: Plzeň
In that case MSSE must be switched off automatically. I would definitely keep Avast.

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.


Posted: 21 May 2018 18:08
Offline
Model visitor

Joined: 07 Oct 2006 17:56
Posts: 94
I uninstalled MSSE...
Were the logs OK?


Posted: 21 May 2018 18:56
Offline
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 106206
Location: Plzeň
After the deletion they are OK.

Posted: 21 May 2018 19:07
Offline
Model visitor

Joined: 07 Oct 2006 17:56
Posts: 94
Thank you very much..
For the great help once again, I have sent a small contribution towards running the forum....

Thanks once more, and see you again sometime :)

RK.


Posted: 21 May 2018 19:52
Offline
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 106206
Location: Plzeň
Thank you for the contribution, and you're welcome! :)
